Idea ID: 2873559

Login to ALM with email Address

Status: New Idea

We need the possibility to log in to ALM with an email address.

I want to import LDAP users, and the UserID should be the AAD (Azure Active Directory field) UserPrincipalName (which is the email address in our configuration).

Parents Comment
  • I mean in the LDAP filter, instead of (&(objectCategory=Person)(sAMAccountName=*)(MemberOf=....) I want to use the LDAP filter (&(objectCategory=Person)(UserPrincipalName=*)(MemberOf=....) 

    Because the UserPrincipalName is the email address (contains @), it is not possible to create a user account in ALM... 

Children
  • Now what? Soon my company will migrate from Active Directory to Azure Active Directory; then LDAP is no longer available, because the sAMAccount field name is no longer available and comparable fields are filled with the email address. Then the security risk valuation will increase, because I have to switch to local user management, plus the user acceptance of ALM will decrease. 

  • If your company migrates from AD to Azure AD, it means the authentication of ALM will be changed from LDAP to SSO. You can map the Azure AD email address field to the ALM SSO unique field 'IdentityKey'. With such a configuration, the users are able to log in with email via Azure AD, and the authenticated users are then mapped to ALM users by the identity keys. 

  • Thank you for your helpful answer, I will activate SSO instantly.

  • Did you ever get this SSO option to work to solve your issue? I have the same scenario now... never could get SSO to work. Still using LDAP, but cannot get the email address as username to work because of the @ syntax in the name.

  • Yeah, SSO is running now! With a little help from a Support Engineer! And it works pretty much alright. I have to create new user accounts manually, but I don't have to change the user account name in ALM. Where is your problem? The SAML config? Probably the claim type mapping?