Unable To Login Using Email Id On Azure Portal

Himanshu Gupta | Wed, 01 Jun 2022 at 04:56 hours | Replies : 2 | Points : 100

Category : ADFS


We have configured our on-premises AD to sync with Azure AD using AAD Connect. We are using federated login using ADFS. We have already configured the relying party with Azure. We do not want to use UPN as login ID, so we have configured the mail attribute to enable login to Azure AD.

The issue we are facing is that we are able to log in using abc\userid but unable to log in using the mail attribute userid@abc.com.

Kindly suggest how we can fix it.


See File Attached...




Hi Himanshu,

Hope you have configured the Directory Sync; if so, please follow the steps below.

1. Run the command below in PowerShell on the ADFS primary server and check the status.

Get-AdfsClaimsProviderTrust | Select AlternateLoginID

2. If the above is not set to mail, run the command below to set email as the alternate login ID.

Set-AdfsClaimsProviderTrust -TargetIdentifier "AD AUTHORITY" -AlternateLoginID mail -LookupForests experts-adda.com


Then modify the ADFS Issuance Transform Claim Rules using the following process:

  1. Open the “AD FS Management” console.
  2. Expand “Trust Relationships” and select “Relying Party Trusts”.
  3. Right-click “Microsoft Office 365 Identity Platform” and select “Edit Claim Rules…”.
  4. Select the “Issue UPN” claim rule and select “Edit Rule…”.
  5. Edit the rule as below (replacing userPrincipalName with the attribute you chose).

@RuleName = "Issue UPN"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/claims/UPN"), query = "samAccountName={0};mail;{1}", param = regexreplace(c.Value, "(?<domain>[^\\]+)\\(?<user>.+)", "${user}"), param = c.Value);

After saving the claim rule changes, the AD FS configuration change is completed.


Now, Check if you are able to login.
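The following script is an added example and is not code from the thread above. It audits the two settings the answer changes (the Alternate Login ID on the Active Directory claims provider trust and the "Issue UPN" issuance transform rule on the Office 365 relying party trust) and only applies the changes when run with -Apply. It assumes an elevated Windows PowerShell session on the primary AD FS server with the ADFS module installed, that the relying party is named "Microsoft Office 365 Identity Platform", and that the forest name in the parameters is a placeholder to be replaced with your own forest FQDN.

```powershell
# Added example (not from the original thread): audit and optionally apply the
# Alternate Login ID configuration for mail-based sign-in to Azure AD via AD FS.
# Assumptions: elevated session on the primary AD FS server, ADFS module present,
# relying party name as below, $LookupForest is a placeholder for your forest FQDN.
param(
    [string]$RelyingPartyName = "Microsoft Office 365 Identity Platform",
    [string]$LookupForest     = "forest.example",   # placeholder: replace with your AD forest FQDN
    [switch]$Apply                                  # report only unless this switch is given
)

Import-Module ADFS -ErrorAction Stop

# Default attribute query in the "Issue UPN" rule, and the variant that reads the mail attribute.
$UpnQuery  = 'samAccountName={0};userPrincipalName;{1}'
$MailQuery = 'samAccountName={0};mail;{1}'

# --- Step 1: Alternate Login ID on the Active Directory claims provider trust ---
$cpt = Get-AdfsClaimsProviderTrust | Where-Object { $_.Identifier -eq 'AD AUTHORITY' }
if (-not $cpt) { throw 'Active Directory claims provider trust (AD AUTHORITY) not found.' }

$altId = if ($cpt.AlternateLoginID) { $cpt.AlternateLoginID } else { '<not set>' }
Write-Host "AlternateLoginID : $altId"
Write-Host "LookupForests    : $($cpt.LookupForests -join ', ')"

$altIdOk = ($cpt.AlternateLoginID -eq 'mail') -and ($cpt.LookupForests -contains $LookupForest)

# --- Step 2: the "Issue UPN" issuance transform rule on the relying party trust ---
$rp = Get-AdfsRelyingPartyTrust -Name $RelyingPartyName
if (-not $rp) { throw "Relying party trust '$RelyingPartyName' not found." }

$rules  = $rp.IssuanceTransformRules
$ruleOk = $rules -match [regex]::Escape($MailQuery)   # does the UPN claim already come from mail?
Write-Host "Issue UPN rule queries mail : $ruleOk"

if ($altIdOk -and $ruleOk) { Write-Host 'Nothing to change.'; return }
if (-not $Apply)           { Write-Host 'Re-run with -Apply to make the changes.'; return }

# --- Apply: the same two changes the answer above makes, but only where needed ---
if (-not $altIdOk) {
    Set-AdfsClaimsProviderTrust -TargetIdentifier 'AD AUTHORITY' `
        -AlternateLoginID mail -LookupForests $LookupForest
}
if (-not $ruleOk) {
    if ($rules -notmatch [regex]::Escape($UpnQuery)) {
        throw 'Issue UPN rule does not contain the default userPrincipalName query; edit it manually.'
    }
    # Literal replacement of just the query string, so the ImmutableID and other rules are untouched.
    $newRules = $rules.Replace($UpnQuery, $MailQuery)
    Set-AdfsRelyingPartyTrust -TargetName $RelyingPartyName -IssuanceTransformRules $newRules
}
Write-Host 'Done. Test a sign-in with a mail-attribute user and check the AD FS Admin event log if it fails.'
```

Run it once without -Apply to see the current state before changing anything. Two conditions have to hold for this to work beyond the AD FS side: the mail attribute must be populated, unique and replicated to the global catalog for every user who signs in this way (AD FS uses it to look the user up across the listed forests), and the value issued in the UPN claim must equal the user's Azure AD userPrincipalName, which is why the question states that AAD Connect was configured to use mail for that. The ImmutableID rule is deliberately left alone; it is what ties the token to the synced object.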


Hi Santosh,

Many thanks for your solution.

I have checked and it works fine.