Configure Entra ID (Azure AD) SCIM to use sAMAccountName

You may configure Entra ID (Azure AD) to use sAMAccountName (e.g. “username”) instead of userPrincipalName (e.g. “user.name@domain.com”) for your SCIM synchronization. This is convenient if the users in your instance are already using sAMAccountName as the username attribute.

 

If you have already configured SCIM, do the following to use sAMAccountName instead of userPrincipalName as the username attribute.

Map sAMAccountName as the username attribute

1. In the Azure Portal, navigate to the attribute mappings for your configured SCIM application. These are found under Provisioning > Edit attribute mappings.

2. Under the Mappings section, click Provision Azure Active Directory Users.

3. Change which source attribute is used as the userName by clicking the userName row and selecting the sAMAccountName Source attribute (this is typically named something like sAMAccountName (extension_xxxxxx), where xxxxxx is a random string).

 

Note that SCIM only updates at intervals of approximately 40 minutes, so you will not see these changes immediately. You can force a new, full synchronization to start by checking the Clear current state and restart synchronization option on the Provisioning page.

 

Changes to the SAML login configuration

The last piece of the puzzle is to make the SAML response from Azure AD return the attribute to Kantega SSO during login. To do this, go to Single sign-on, edit the User Attributes & Claims and add a new claim with the attribute onpremisessamaccountname. In the example below, we named the claim sAMAccountName, and this can now be used as the Username attribute in the User lookup configuration in Kantega SSO.

After this change, do a test login in Kantega SSO and set the Custom username attribute to sAMAccountName (see the illustration below).

Changes to the OIDC login configuration

A mapping similar to the one described above for SAML must be configured if you are using OIDC as your login protocol.
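The following check is an added example, not code from Kantega SSO or Microsoft: it compares the sAMAccountName claim in a SAML attribute statement with the userName of a SCIM User resource, so that a login cannot silently fail to match the provisioned account. The sample assertion, the SCIM records, the function names and the case-insensitive comparison are assumptions made for illustration; signature validation is out of scope here.

```python
import json
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIM = "sAMAccountName"  # claim name chosen on this page

# Constructed sample: unsigned assertion fragment, for illustration only.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
      <saml:AttributeValue>jane.doe@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="sAMAccountName">
      <saml:AttributeValue>JDoe</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Constructed samples: SCIM 2.0 User as provisioned after / before the mapping change.
SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
SCIM_AFTER = json.dumps({"schemas": [SCHEMA], "userName": "jdoe", "active": True})
SCIM_BEFORE = json.dumps({"schemas": [SCHEMA], "userName": "jane.doe@example.com"})

def saml_claim(assertion_xml, claim=CLAIM):
    """Return the claim's first value; accepts a bare or namespaced Name."""
    root = ET.fromstring(assertion_xml)
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        name = attr.get("Name", "")
        if name == claim or name.endswith("/" + claim):
            value = attr.find("saml:AttributeValue", SAML_NS)
            if value is not None and value.text:
                return value.text.strip()
    return None

def check_alignment(assertion_xml, scim_user_json):
    """Classify whether the SAML claim and the SCIM userName name the same account."""
    claim_value = saml_claim(assertion_xml)
    user_name = json.loads(scim_user_json).get("userName", "")
    if claim_value is None:
        return "claim-missing"      # the claim was not added to the SAML response
    if "@" in user_name:
        return "scim-still-upn"     # mapping change not yet synchronized
    # Assumption: usernames are compared case-insensitively.
    if claim_value.casefold() != user_name.casefold():
        return "mismatch"
    return "ok"

if __name__ == "__main__":
    print(check_alignment(SAMPLE_ASSERTION, SCIM_AFTER))
    print(check_alignment(SAMPLE_ASSERTION, SCIM_BEFORE))
```

A result of scim-still-upn right after changing the mapping usually means the next provisioning cycle has not run yet.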