articles/active-directory/authentication/howto-authentication-use-email-signin.md
Lines changed: 9 additions & 9 deletions
@@ -6,7 +6,7 @@ services: active-directory
6
6
ms.service: active-directory
7
7
ms.subservice: authentication
8
8
ms.topic: how-to
9
-
ms.date: 07/07/2021
9
+
ms.date: 06/17/2022
10
10
11
11
ms.author: justinha
12
12
author: calui
@@ -27,9 +27,9 @@ Some organizations haven't moved to hybrid authentication for the following reas
27
27
* Changing the Azure AD UPN creates a mismatch between on-premises and Azure AD environments that could cause problems with certain applications and services.
28
28
* Due to business or compliance reasons, the organization doesn't want to use the on-premises UPN to sign in to Azure AD.
29
29
30
-
To help with the move to hybrid authentication, you can configure Azure AD to let users sign in with their email as an alternate login ID. For example, if *Contoso* rebranded to *Fabrikam*, rather than continuing to sign in with the legacy `[email protected]` UPN, email as an alternate login ID can be used. To access an application or service, users would sign in to Azure AD using their non-UPN email, such as `[email protected]`.
30
+
To move toward hybrid authentication, you can configure Azure AD to let users sign in with their email as an alternate login ID. For example, if *Contoso* rebranded to *Fabrikam*, rather than continuing to sign in with the legacy `[email protected]` UPN, email as an alternate login ID can be used. To access an application or service, users would sign in to Azure AD using their non-UPN email, such as `[email protected]`.
31
31
32
-

32
+

33
33
34
34
This article shows you how to enable and use email as an alternate login ID.
35
35
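Review bot: on new line 30, the second sentence still ends in the passive "email as an alternate login ID can be used", which doesn't say who does what, and the sentence after it restates the same point. Suggest folding the two into one active sentence, for example "rather than continuing to sign in with the legacy UPN, users can sign in to Azure AD with their non-UPN email".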
@@ -43,7 +43,7 @@ Here's what you need to know about email as an alternate login ID:
43
43
* The feature supports managed authentication with Password Hash Sync (PHS) or Pass-Through Authentication (PTA).
44
44
* There are two options for configuring the feature:
45
45
*[Home Realm Discovery (HRD) policy](#enable-user-sign-in-with-an-email-address) - Use this option to enable the feature for the entire tenant. Global administrator privileges required.
46
-
*[Staged rollout policy](#enable-staged-rollout-to-test-user-sign-in-with-an-email-address) - Use this option to test the feature with specific Azure AD groups. Global administrator privileges required.
46
+
*[Staged rollout policy](#enable-staged-rollout-to-test-user-sign-in-with-an-email-address) - Use this option to test the feature with specific Azure AD groups. Global administrator privileges required. When you first add a security group for staged rollout, you're limited to 200 users to avoid a UX time-out. After you've added the group, you can add more users directly to it, as required.
47
47
48
48
## Preview limitations
49
49
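Review bot: the two sentences added to the Staged rollout bullet (new line 46) leave the limit ambiguous. "You're limited to 200 users to avoid a UX time-out" doesn't say whether a larger group is rejected or only partly applied when it is first added, and "UX time-out" reads as internal jargon. Suggest stating what the administrator will see when the group is over the limit, and consider moving the constraint under the "Preview limitations" heading that follows, since it is a limitation rather than part of the option description.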
@@ -121,9 +121,9 @@ One of the user attributes that's automatically synchronized by Azure AD Connect
121
121
122
122
## B2B guest user sign-in with an email address
123
123
124
-

124
+

125
125
126
-
Email as an alternate login ID applies to [Azure AD B2B collaboration](../external-identities/what-is-b2b.md) under a "bring your own sign-in identifiers" model. When email as an alternate login ID is enabled in the home tenant, Azure AD users can perform guest sign in with non-UPN email on the resource tenanted endpoint. No action is required from the resource tenant to enable this functionality.
126
+
Email as an alternate login ID applies to [Azure AD B2B collaboration](../external-identities/what-is-b2b.md) under a "bring your own sign-in identifiers" model. When email as an alternate login ID is enabled in the home tenant, Azure AD users can perform guest sign in with non-UPN email on the resource tenant endpoint. No action is required from the resource tenant to enable this functionality.
127
127
128
128
## Enable user sign-in with an email address
129
129
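Review bot: on new line 126, "perform guest sign in" uses the unhyphenated form as a noun, while the section heading at line 122 reads "B2B guest user sign-in". Suggest "guest sign-in" here to match the heading; the "tenanted" to "tenant" correction itself looks right.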
@@ -140,12 +140,12 @@ During preview, you currently need *global administrator* permissions to enable
140
140
1. Search for and select **Azure Active Directory**.
141
141
1. From the navigation menu on the left-hand side of the Azure Active Directory window, select **Azure AD Connect > Email as alternate login ID**.
142
142
143
-

143
+

144
144
145
145
1. Click the checkbox next to *Email as an alternate login ID*.
146
146
1. Click **Save**.
147
147
148
-

148
+

149
149
150
150
With the policy applied, it can take up to 1 hour to propagate and for users to be able to sign in using their alternate login ID.
151
151
@@ -363,7 +363,7 @@ If users have trouble signing in with their email address, review the following
363
363
364
364
### Sign-in logs
365
365
366
-
:::image type="content" border="true" source="./media/howto-authentication-use-email-signin/email-alternate-login-id-logs.png" alt-text="Screenshot of Azure A D sign-in logs showing email as alternate login I D activity.":::
366
+
:::image type="content" border="true" source="./media/howto-authentication-use-email-signin/email-alternate-login-id-logs.png" alt-text="Screenshot of Azure A D sign-in logs showing email as alternate login ID activity.":::
367
367
368
368
You can review the [sign-in logs in Azure AD][sign-in-logs] for more information. Sign-ins with email as an alternate login ID will emit `proxyAddress` in the *Sign-in identifier type* field and the inputted username in the *Sign-in identifier* field.
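Review bot: the alt-text on new line 366 is now inconsistent with itself: "login I D" became "login ID" but "Azure A D" keeps the spaced spelling. If the spacing is intentional for screen readers, keep it in both places; otherwise change both so the text reads "Azure AD sign-in logs showing email as alternate login ID activity".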