Customer has below user flow/setup
- User signs in to physical/virtual device which is domain joined to edu.lcl. Their edu.lcl identity is synced to an Azure AD Tenant via AD Connect (ABC.com).
- Office, Teams, OneDrive then tries to SSO in to apps using username@ABC.com
- The ABC.com account is not licensed for Office services, they need to use username@XYZ.com – The customer has no control over the XYZ.com tenant, its there for licensing purposes.
- We need a solution that allows the users to SSO into apps using username@XYZ.com every time. If this is not possible we need to mask hide and stop login prompts to office services for the ABC.com domain
Example for OneDrive on each login, how do we get it to remember @XYZ.com credentials?
Teams is prepopulated as below (User@ABC.com)
There are registry keys to control a lot of these settings but its unclear to customer that what the optimal setup with dual identities setup in this way. The SkipUpnPrefill option mentioned here seems temperamental for example.
Any guidance would be of great help!