Salesforce - Internal users marked as External in MCAS


My users that do SSO with SAML to Salesforce from AAD are flagged as external in MCAS. That's because the usernames in Salesforce are mismatched. Is it possible to solve this in MCAS?

AAD

UPN: username@domain.com 

AAD Email: firstname.lastname@domain.com

 

Salesforce

Username: firstname.lastname@hr.domain.com

Email: firstname.lastname@domain.com

FederationID: username@domain.com 

 

If I change the username in Salesforce to the email or UPN it will be aligned, but my Salesforce admin is not so happy to do the changes.

 

Thanks, Magnus

1 Reply
Hi Magnus,
You can add @hr.domain.com to the list of internal domains in MCAS for it to be marked as internal. See this for more info: https://docs.microsoft.com/en-us/cloud-app-security/general-setup#set-up-the-portal

You can also open a support ticket in MCAS and ask to match the hr domain to the main one.

Regards,
Dima
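
To see which username domains would need adding to the internal list before changing anything in the portal, here is an added example that is not part of the original thread or of any Microsoft or Salesforce tooling. It assumes a CSV export of Salesforce users with the three fields quoted in the question and assumes classification is an exact match on the username's domain; the function names and the sample rows are hypothetical.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export; the column names follow the fields quoted in the post.
SAMPLE_EXPORT = """Username,Email,FederationID
firstname.lastname@hr.domain.com,firstname.lastname@domain.com,username@domain.com
other.user@domain.com,other.user@domain.com,ouser@domain.com
partner.user@partner.example,partner.user@partner.example,
"""


def domain_of(address):
    """Return the lower-cased part after the last '@', or '' if there is none."""
    return address.rpartition("@")[2].strip().lower() if "@" in address else ""


def candidate_internal_domains(export_text, internal_domains):
    """Map each username domain that is missing from the internal list, but
    belongs to users whose Email or FederationID is internal, to those usernames."""
    internal = {d.lstrip("@").lower() for d in internal_domains}
    found = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        user_dom = domain_of(row["Username"])
        if not user_dom or user_dom in internal:
            continue  # already internal under the exact-match assumption
        linked = {
            domain_of(row.get("Email") or ""),
            domain_of(row.get("FederationID") or ""),
        }
        if linked & internal:
            # The account ties back to an internal identity, so the username
            # domain is a candidate for the internal domain list.
            found[user_dom].append(row["Username"])
    return dict(found)


if __name__ == "__main__":
    result = candidate_internal_domains(SAMPLE_EXPORT, ["domain.com"])
    for dom, users in result.items():
        print(f"@{dom}: {len(users)} user(s) would show as external, e.g. {users[0]}")
```

Accounts whose Email and FederationID are also outside the internal list, such as the constructed partner row, are left out on purpose so that genuinely external users are not proposed for the list.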