Configuring ADFS to authenticate users with an email address
You can optionally configure your ADFS claims provider to enable an email address as an alternate login ID.
Before you begin
About this task
Because external email addresses are not always the same as the internal Active Directory user principal name (UPN), you can configure the mail attribute as an alternate login ID.
Procedure
Optional: Run the following PowerShell command on any of the federation servers in your farm.
Type this command on a single line and substitute values for the variables.
Set-AdfsClaimsProviderTrust -TargetIdentifier "AD AUTHORITY" -AlternateLoginID attribute -LookupForests forest domain
For example:
Set-AdfsClaimsProviderTrust -TargetIdentifier "AD AUTHORITY" -AlternateLoginID mail -LookupForests adfsdom.adfsforest
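The following check is an added example, not part of the original procedure. It confirms that the setting was applied and lists mail values shared by more than one account, because a shared value cannot identify a single user at login. It assumes the ADFS and ActiveDirectory PowerShell modules are available on the federation server, and it uses the sample forest name from the example above.

```powershell
# Added example: verify the alternate login ID setting and audit the mail attribute.
# Assumptions: run on a federation server with the ADFS and ActiveDirectory modules;
# the forest name is the sample value from this page.
Import-Module ADFS
Import-Module ActiveDirectory

$forest    = 'adfsdom.adfsforest'   # sample forest from the example command
$attribute = 'mail'                 # attribute configured as the alternate login ID

# 1. Confirm the claims provider trust carries the expected settings.
$trust = Get-AdfsClaimsProviderTrust -Identifier 'AD AUTHORITY'
if ($trust.AlternateLoginID -ne $attribute) {
    Write-Warning "AlternateLoginID is '$($trust.AlternateLoginID)', expected '$attribute'."
}
if ($trust.LookupForests -notcontains $forest) {
    Write-Warning "Forest '$forest' is not in LookupForests: $($trust.LookupForests -join ', ')"
}

# 2. Query the global catalog (port 3268) for every user that has a value set.
#    An empty SearchBase on a GC connection searches all partitions in the forest.
$users = Get-ADUser -LDAPFilter "($attribute=*)" -Properties $attribute `
    -Server "${forest}:3268" -SearchBase ''

# 3. Group by value (case-insensitive) and keep values used by more than one account.
$duplicates = $users | Group-Object -Property $attribute | Where-Object { $_.Count -gt 1 }

if ($duplicates) {
    foreach ($group in $duplicates) {
        [pscustomobject]@{
            Value    = $group.Name
            Accounts = ($group.Group.SamAccountName -join ', ')
        }
    }
} else {
    Write-Output "No duplicate '$attribute' values found in $forest."
}
```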
For more information, see the Microsoft technote documentation Configuring Alternate Login ID at https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-fs/operations/configuring-alternate-login-id.