Configuring ADFS to authenticate users with an email address

You can optionally configure your ADFS claims provider to enable an email address as an alternate login ID.

Before you begin

Ensure that Windows update KB2919355 is installed on your system.

About this task

Because external email addresses are not always the same as the internal Active Directory user principal name (UPN), you can configure the mail attribute as an alternate login ID.

Procedure

Optional: Run the following PowerShell command on any of the federation servers in your farm.
Type this command on a single line, substituting your own values for the attribute and forest domain variables.
Set-AdfsClaimsProviderTrust -TargetIdentifier "AD AUTHORITY" -AlternateLoginID attribute -LookupForests forest domain
For example:
Set-AdfsClaimsProviderTrust -TargetIdentifier "AD AUTHORITY" -AlternateLoginID mail -LookupForests adfsdom.adfsforest
For more information, see the Microsoft technote documentation Configuring Alternate Login ID at https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-fs/operations/configuring-alternate-login-id.
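
The following PowerShell script is an added example, not part of the original procedure or of the product's own code. It wraps the command above with the checks an administrator would want around it: the prerequisite update, a scan for duplicate values of the chosen attribute (alternate login ID values must be unique across the lookup forests), and a read-back of the applied setting. It assumes the example values from this page, an installed ActiveDirectory module, and a reachable global catalog on port 3268.

```powershell
# Added example, not product code. Run in an elevated session on one federation server.
# Assumed values: taken from the example on this page.
$attribute = 'mail'
$forest    = 'adfsdom.adfsforest'

# 1. Prerequisite from "Before you begin".
#    Get-HotFix writes an error when the update is absent, so suppress it and test the result.
if (-not (Get-HotFix -Id 'KB2919355' -ErrorAction SilentlyContinue)) {
    throw 'KB2919355 is not installed on this server.'
}

# 2. Look for duplicate values before enabling the alternate login ID.
#    Querying the global catalog port with an empty search base covers every domain in the forest.
Import-Module ActiveDirectory
$duplicates = Get-ADUser -LDAPFilter "($attribute=*)" -Properties $attribute `
                         -SearchBase '' -Server "${forest}:3268" |
    Group-Object -Property $attribute |
    Where-Object { $_.Count -gt 1 }

if ($duplicates) {
    # Name is the shared attribute value, Count is how many accounts carry it.
    $duplicates | Select-Object Name, Count | Format-Table -AutoSize | Out-String | Write-Warning
    throw "Duplicate '$attribute' values found. Resolve them before enabling the alternate login ID."
}

# 3. Apply the setting from the procedure.
Set-AdfsClaimsProviderTrust -TargetIdentifier 'AD AUTHORITY' `
                            -AlternateLoginID $attribute `
                            -LookupForests $forest

# 4. Read the trust back and confirm that both values were stored.
$trust = Get-AdfsClaimsProviderTrust -Identifier 'AD AUTHORITY'
if ($trust.AlternateLoginID -ne $attribute -or $trust.LookupForests -notcontains $forest) {
    throw 'The alternate login ID configuration was not applied as expected.'
}
$trust | Select-Object Name, AlternateLoginID, LookupForests
```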