Devolutions ForumDevolutions Forum

Microsoft Authentication - UPN change not reflected correctly in 2022.3.6

Microsoft Authentication - UPN change not reflected correctly in 2022.3.6

avatar
RokB

Hi,

this may be a known issue.
After UPN change in AzureAD authentication the AAD groups are not mapped correctly. I can see some parameters are updated in user properties (Full Name and email) but not the username (still shows old value and this may be the cause that this user does not get the existing groups)). I haven't tried to clear cache yet, do you think this would help?
Azure sync seems to work OK:
2023-03-06 08:42 Update Azure cache end Scheduler Debug Devolutions Server - 00:50:56:AA:92:25
2023-03-06 08:41 Service - AzureAD - Domain: Azure Active Directory - Extract all group names Finish Scheduler Debug Devolutions Server - 00:50:56:AA:92:25
2023-03-06 08:41 Service - AzureAD - Domain: Azure Active Directory - Extract all group names Start Scheduler Debug Devolutions Server - 00:50:56:AA:92:25
2023-03-06 08:41 Service - AzureAD - Domain: Azure Active Directory - Assign groups to users Finish Scheduler Debug Devolutions Server - 00:50:56:AA:92:25
2023-03-06 08:30 Service - AzureAD - Domain: Azure Active Directory - Assign groups to users Start Scheduler Debug Devolutions Server - 00:0C:29:EA:4D:5D
2023-03-06 08:30 Service - AzureAD - Domain: Azure Active Directory - Link existing users from DB Finish Scheduler Debug Devolutions Server - 00:0C:29:EA:4D:5D
2023-03-06 08:30 Service - AzureAD - Domain: Azure Active Directory - Link existing users from DB Start Scheduler Debug Devolutions Server - 00:0C:29:EA:4D:5D
2023-03-06 08:30 Service - AzureAD - Domain: Azure Active Directory - Get all users Finish Scheduler Debug Devolutions Server - 00:0C:29:EA:4D:5D
2023-03-06 08:30 Service - AzureAD - Domain: Azure Active Directory - Get all users Start Scheduler Debug Devolutions Server - 00:0C:29:EA:4D:5D
2023-03-06 08:30 Service - AzureAD - Domain: Azure Active Directory - Get all groups Finish Scheduler Debug Devolutions Server - 00:0C:29:EA:4D:5D
2023-03-06 08:30 Service - AzureAD - Domain: Azure Active Directory - Get all groups Start Scheduler Debug Devolutions Server - 00:0C:29:EA:4D:5D
2023-03-06 08:30 Update Azure cache start Scheduler Debug Devolutions Server - 00:0C:29:EA:4D:5D


Best regards,
Rok

All Comments (3)

avatar
Erica Poirier

Hello,

When you update the UPN in AAD, this will not update it in DVLS. Even if the Azure cache in DVLS has been reset.

Please open a ticket at service@devolutions.net and we will send you the instruction to update the UPN in DVLS too. Ensure to add a reference to this forum's thread in your message.

Best regards,

Érica Poirier

avatar
bvi1998

Can you tell us how to do this here?
avatar
Erica Poirier

Hello,

Now you should be able to use the Authentication Migration tool to update a user account's UPN.
https://docs.devolutions.net/kb/devolutions-server/how-to-articles/authentication-migration/

You just have to select the same Identity Provider, Microsoft, and then manually select the old and the new account in the Users mapping step.



Let us know if that helps.

Best regards,

Érica Poirier

6649df61-b7b7-45bb-b98d-a4adad4af5f5.png