Login in ADFS with mail attribute


This is a simple question with no easy resolution (hoping to be wrong!).

We have configured an ADFS for authenticating O365 users and we'd like to use it also for a custom website via SAML. We have everything configured and working for local users, but we have external users in a different format in our AD, like [email protected], and the mail attribute is like [email protected].

The question: How can we allow the login (for this relying party trust only) with the mail attribute? Not the UPN.

We've found the Alternate Login ID, but we need to allow it ONLY for this relying party trust, not globally.

Is there a way to authenticate them by claims or similar, without adding scripts in the template?

Thanks!

MA.



Answer by rbrayb:

Sadly no.

You cannot vary the logon via RP.

What you can do is run up another ADFS, put the RP on that and then enable Alternate ID for email.
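For reference, this is what enabling Alternate Login ID looks like on that second ADFS farm. It is an added example, not part of the original answer. The Alternate Login ID setting lives on the Active Directory claims provider trust ("AD AUTHORITY") and therefore applies to every relying party on the farm, which is exactly why a separate farm is needed. The forest name, the RP name and the metadata URL are assumed placeholders.

```powershell
# Added example: enable Alternate Login ID (logon with the AD "mail" attribute)
# on the dedicated ADFS farm that hosts only the custom SAML website.
# Run in an elevated PowerShell session on an ADFS server of that farm.
# Assumptions (placeholders, not from the original post):
#   - the AD forest to search is contoso.com
#   - the relying party is named "Custom SAML Website" with a metadata URL

Import-Module ADFS

# 1. Register the custom website as a relying party on this farm only.
#    Using federation metadata keeps certificates and endpoints in sync with the SP.
Add-AdfsRelyingPartyTrust -Name "Custom SAML Website" `
    -MetadataUrl "https://website.example.com/saml/metadata" `
    -MonitoringEnabled $true -AutoUpdateEnabled $true

# 2. Turn on Alternate Login ID for the whole farm. ADFS will then accept the
#    value of the "mail" attribute at the sign-in form and fall back to UPN /
#    sAMAccountName lookups when no "mail" match is found.
#    -LookupForests lists the forests in which the attribute is searched;
#    the attribute must be unique across those forests.
Set-AdfsClaimsProviderTrust -TargetIdentifier "AD AUTHORITY" `
    -AlternateLoginID mail `
    -LookupForests "contoso.com"

# 3. Verify the setting on the claims provider trust.
Get-AdfsClaimsProviderTrust -Identifier "AD AUTHORITY" |
    Select-Object Name, AlternateLoginID, LookupForests

# To back out: clear both properties (they must be cleared together).
# Set-AdfsClaimsProviderTrust -TargetIdentifier "AD AUTHORITY" `
#     -AlternateLoginID $null -LookupForests $null
```

Because the first farm stays untouched, O365 users on it keep signing in with their UPN, while users of the second farm can sign in with either the mail value or their normal UPN. Keep the mail attribute populated and unique for every account in the lookup forest, since a duplicate or missing value simply makes the Alternate Login ID lookup fail and the user falls back to UPN.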