Open tastle73 opened 1 week ago
I think Entra ID requires the UPN (user@domain) for authentication. I was considering mapping this to the cn though (so that you could leave off the @domain part). Is this what you're interested in?
That would work. I have also seen SAML registered apps allow for the UPN to be munged from the AAD side.
This shouldn't be too difficult to add. It would get tricky FYI if you have multiple configured domains, because then we'd pick the first matching user. For example, if you have 2 domains example.com and test.com configured, and a user with the UPN tux in each domain (tux@example.com and tux@test.com), then we'd have to just pick the first user in the domain list.
Now that I think of it, that won't work for our use case. I need to be able to distinguish the AAD users from the local users and prevent username collisions. What would probably be useful is a parser where I could use the cn + another string like ABCtom for example.
Himmelblau filters out local account names and ignores them. As long as the CNs don't collide with local account names, it would be fine.
They will collide. A lot of our usernames are not very unique.
Are the users related? Can we map the local user to an Entra ID user?
no, not at all.
Hrm, maybe I could introduce a filter option, which matches ABCtom then translates it to tom@abc.com, etc.
that would definitely work for us :)
I think I'm going to provide a script option, where you can provide a custom script that modifies the username as you wish.
let me know if you need someone to test
Ok, I'll probably have something for you to try today.
Hrm, I forgot that this could affect the user cache. This may take me a bit to sort out.
This is probably an ER.
I would like to be able to use something other than the user@domain for the username. Is this possible?