microsoft / o365-moodle

Office 365 and Azure Active Directory plugins for Moodle
GNU General Public License v3.0
180 stars 136 forks

User authentication username control/incorrect #2632

Open slewislcm opened 2 weeks ago

slewislcm commented 2 weeks ago

Hi, I'm hoping someone knows the fix for this, as it's affecting us now, and I can't seem to solve it! The user clicks 'login with 365', and it works fine, logs in and creates the account, but it is creating the username with '@domain.ac.uk' at the end, which we don't want.

So username should be '123456' on moodle, but it's being created as '123456@domain.ac.uk'.

And I can't work out how to restrict this. I also had this problem with the local_365 sync.

Any help would be very appreciated.

thanks,

Simon

weilai-irl commented 2 days ago

Hi @slewislcm

I confirm this is expected behaviour. When using auth_oidc for SSO with Microsoft Entra ID as the IdP, the UPN of the account is used as the Moodle username by default, and a Microsoft account UPN always contains the domain part. This is intentional - imagine you have 2 managed domains in your tenant, a.ac.uk and b.ac.uk; you could have two Microsoft accounts with UPNs 123456@a.ac.uk and 123456@b.ac.uk, but they are effectively two different accounts and have different object IDs. Using only the part before @ may cause conflicts.

There is a new feature to be released in the upcoming October 2024 release that may help. The feature will allow site admins to choose the ID/access token claim to be used as the Moodle username, so as long as the desired Moodle username can be set as one of the existing claims, or added as a new optional claim, this may work. Note that site admins may need to follow steps to migrate existing user records.

I'll update this issue again when the feature is released.

Regards, Lai
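A dry run an admin could do before relying on a claim other than the UPN, as an added example in Python (not code from auth_oidc or the o365-moodle project): it maps each account's decoded ID-token claims to a candidate Moodle username and reports both collisions and accounts that lack the claim, which shows concretely why stripping the domain part turns 123456@a.ac.uk and 123456@b.ac.uk into one username. The token payloads are constructed samples, `student_id` is a hypothetical optional claim rather than a standard Entra ID claim, and `moodle_clean_username` is an approximation of Moodle's default PARAM_USERNAME cleaning (lowercase; only letters, digits, `.`, `-`, `@`, `_` kept), which is an assumption about Moodle's defaults, not a call into Moodle.

```python
import re
from collections import defaultdict

# Constructed sample claim sets (decoded ID-token payloads), for illustration only.
# Layout mirrors the thread: two managed domains, a.ac.uk and b.ac.uk, each with an
# account whose UPN local part is 123456. "student_id" is a hypothetical optional
# claim; the third account deliberately does not carry it.
SAMPLE_TOKENS = [
    {"oid": "0a1b2c3d-1111-4c4e-8f00-000000000001", "upn": "123456@a.ac.uk",
     "preferred_username": "123456@a.ac.uk", "student_id": "123456"},
    {"oid": "0a1b2c3d-2222-4c4e-8f00-000000000002", "upn": "123456@b.ac.uk",
     "preferred_username": "123456@b.ac.uk", "student_id": "654321"},
    {"oid": "0a1b2c3d-3333-4c4e-8f00-000000000003", "upn": "Jane.Doe@a.ac.uk",
     "preferred_username": "Jane.Doe@a.ac.uk"},
]


def moodle_clean_username(raw):
    """Approximation (assumption) of Moodle's PARAM_USERNAME cleaning with the
    default extendedusernamechars off: trim, drop spaces, lowercase, and keep
    only a-z, 0-9, '.', '-', '@' and '_'."""
    s = raw.strip().replace(" ", "").lower()
    return re.sub(r"[^-.@_a-z0-9]", "", s)


def username_from_claims(claims, claim="upn", strip_domain=False):
    """Derive the Moodle username from one account's claims.
    Returns None when the chosen claim is absent or cleans down to nothing."""
    value = claims.get(claim)
    if not value:
        return None
    if strip_domain and "@" in value:
        value = value.split("@", 1)[0]   # the risky 'part before @' mapping
    cleaned = moodle_clean_username(value)
    return cleaned or None


def check_username_claim(tokens, claim="upn", strip_domain=False):
    """Dry-run the mapping across many accounts before changing any setting.
    Returns (collisions, missing): collisions maps a username to the object IDs
    that would share it; missing lists object IDs whose token lacks the claim.
    The object ID (oid) is used as the stable key because it is what actually
    distinguishes 123456@a.ac.uk from 123456@b.ac.uk."""
    owners = defaultdict(list)
    missing = []
    for token in tokens:
        name = username_from_claims(token, claim, strip_domain)
        if name is None:
            missing.append(token["oid"])
        else:
            owners[name].append(token["oid"])
    collisions = {name: oids for name, oids in owners.items() if len(oids) > 1}
    return collisions, missing


def safe_to_switch(tokens, claim, strip_domain=False):
    """True only if every account gets a distinct, non-empty username."""
    collisions, missing = check_username_claim(tokens, claim, strip_domain)
    return not collisions and not missing


if __name__ == "__main__":
    for claim, strip in (("upn", False), ("upn", True), ("student_id", False)):
        collisions, missing = check_username_claim(SAMPLE_TOKENS, claim, strip)
        print(f"claim={claim} strip_domain={strip}: "
              f"collisions={collisions} missing={missing}")
```

Run against a real export of your tenant's token claims, the interesting outcomes are the two failure modes: a collision means two object IDs would map to one Moodle account, and a missing claim means a user would get no usable username at all, so that claim must be populated for every account before it is chosen as the username source.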

slewislcm commented 2 days ago

That sounds good thanks.