Azure AD domain user with external email address

We have recently come across a customer that has a domain user that is set up with the email address field containing an external email (not linked to their domain).

They have an Enterprise Azure AD connection set up with us already, but as it's an external email suffix I am hesitant to add it to their Home Realm Discovery for security reasons. Has anyone encountered this scenario before and, if so, how did you handle it?

Hi @peter.cowen

Thank you for reaching out to us!

I believe that our following article on how to Send Certain Users to a Specific Connection or Identity Provider without Home Realm Discovery should provide useful information for achieving your desired flow.

Depending on your customer’s flexibility, here are some ways to overcome this issue, since it is limited to a single user:

  • implement User Account Linking for the user: a second identity could be created within the tenant that can be linked to their AD Identity. This way, the user would be able to log in to their normal profile via a different connection (a Social or Username-Password Connection, for example);
  • if this is the only user expected to log in using a different email suffix, Home Realm Discovery could be set up only for them while all other users could be allowed to log in by showing the Enterprise Connection button on the login screen, or vice versa. Authentication will still be made against the Azure AD Identity Provider in both cases, as that is the source of truth, but I understand how this might not be a possibility.

Hope this information helped! Please do not hesitate to reach out to us for any other issues or requests.

Best regards,
Gerald
