Back
Identity

Alternate login ID for Office 365 reduces dependence on UPN

Share on Facebook Share on Twitter Share on Linkedin Share via OneNote Share via Email Print

Editor’s Note: 5/15/2015

Additional detail about Alternate ID incompatibilities has been added to this post.

Paul Andrew is the technical product manager for Identity Management on the Office 365 team

You can now select an alternate login ID for Office 365 no matter which of the three available identity models you use to create your user accounts. The three identity models are:

  • Cloud identity. Users are created in Office 365 and there is no on-premises integration.
  • Synchronized identity. Users and passwords exist in on-premises Active Directory and are sync’d to the cloud.
  • Federated identity. This is the same as synchronized identity, but password validation is done on-premises with Active Directory Federation Services.

Please note that Alternate ID has incompatibilities with the following features. More details is available in the article linked below titled Documentation for configuring Azure Active Directory for alternate login ID.

  • The Alternate ID feature is not compatible with Exchange Online Hybrid Deployments
  • Office 365 ProPlus activation may require explicit sign-in
  • InTune customers using SCCM connectors may require additional configuration
  • Issues with Outlook and Skype for Business integration

Previously, if you used the synchronized or federated identity model, you were required to use the User Principal Name (UPN) attribute in your on-premises Active Directory as the user sign-in name for Office 365. This caused issues if the UPN was already populated with something incompatible, such as an internal non-routable DNS suffix, or if it had duplicate entries.

AlternateSignInID

Required reliance on UPN has been removed for the synchronized identity and federated identity models, and you can now select an alternate login ID for use with Office 365 and Azure Active Directory if you use either of these models to create your user accounts. The use of UPN is still the default for these two models. If you want your users to be able to use an alternate login ID, you have to configure your system. When you configure, you can select the Mail attribute or any other attribute in your on-premises Active Directory.

Both the synchronized identity and federated identity models require configuration in Azure Active Directory, and the federated identity model requires additional configuration in Active Directory Federation Services.

Here are some links to help you configure an alternate login ID for your Office 365 users:

The option to create an alternate login ID for Office 365 users when you use the synchronized or federated identity model when you create your user accounts gives you even more choices for configuring your system the way that works best for your organization.

Paul Andrew

Top

Join the conversation

3 comments
  1. I am having a hard time finding out how to use the Alternate Login ID for Cloud Identity Office 365 setups. Most of the posts seem to focus on DirSync and ADFS.

    • Hi Pabke, Alternate Login ID is how the on-premises identity is represented to Office 365 for sign-in. Since the cloud identity model doesn’t have any on-premises directory this is not applicable. This is why there are no posts about it.

      Regards,
      Paul

Comments are closed.