Azure AD Connect for Azure AD Seamless SSO with UPN Mismatch | Resolve Sign-In Issues

Resolve UPN Mismatch for Azure AD Seamless SSO

Question

You configure Azure AD Connect for Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) for an on-premises network.

Users report that when they attempt to access myapps.microsoft.com, they are prompted multiple times to sign in and are forced to use an account name that ends with onmicrosoft.com.

You discover that there is a UPN mismatch between Azure AD and the on-premises Active Directory.

You need to ensure that the users can use single-sign on (SSO) to access Azure resources.

What should you do first?

Answers

Explanations


A. B. C. D.

B

The issue at hand is that users are prompted multiple times to sign in when accessing myapps.microsoft.com and are forced to use an account name that ends with onmicrosoft.com. This indicates that Azure AD Seamless SSO is not functioning properly, and the UPN mismatch between Azure AD and the on-premises Active Directory is the likely cause: Seamless SSO authenticates the user with the on-premises UPN, so if that UPN does not correspond to a UPN in Azure AD, the silent sign-in fails and the user falls back to an interactive prompt.

To resolve this, the first step should be to ensure that the UPN in the on-premises Active Directory matches the UPN in Azure AD. Once the UPNs match, Azure AD Seamless SSO should function properly.

Option A, deploying Active Directory Federation Services (AD FS), is not the recommended solution in this case. AD FS is an alternative to Azure AD Seamless SSO that provides federated single sign-on, but deploying it is not necessary to resolve this issue.

Option B, adding and verifying a custom domain name in Azure AD, is also not the recommended solution in this case. While adding a custom domain name is necessary for certain Azure AD configurations, it is not required to resolve this particular issue.

Option C, requesting a new certificate that contains the Active Directory domain name, is also not the recommended solution. While certificates are required for certain Azure AD configurations, it is not necessary to request a new certificate to resolve this particular issue.

Option D, modifying the filtering options from the server that runs Azure AD Connect, is also not the recommended solution. While modifying the filtering options may be necessary in certain Azure AD configurations, it is not required to resolve this particular issue.

Therefore, the correct first step is to ensure that the UPN in the on-premises Active Directory matches the UPN in Azure AD. Once this has been accomplished, Azure AD Seamless SSO should function properly, allowing users to sign in once and access Azure resources without further prompts.
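The following PowerShell script is an added example and is not part of the original question or explanation. It shows how an administrator could locate the on-premises users whose UPN suffix does not match the domain verified in Azure AD, review the proposed change, and then rewrite the UPNs so that Azure AD Connect synchronises matching values. The names `contoso.com`, `OU=Staff,DC=corp,DC=local` and the `-Fix` switch are assumptions for illustration; the Active Directory module cmdlets (`Get-ADForest`, `Get-ADUser`, `Set-ADUser`, `Set-ADForest`) are the standard ones from the RSAT ActiveDirectory module.

```powershell
<#
Added example, not from the original page.
Reports on-premises AD users whose UPN suffix does not match the Azure AD-verified
domain and, with -Fix, rewrites each UPN to <existing prefix>@<verified suffix>.
Assumptions (placeholders): contoso.com is the verified custom domain in Azure AD,
OU=Staff,DC=corp,DC=local is the OU to scan, and the ActiveDirectory module is installed.
Run without -Fix first to review the report; use -Fix -WhatIf to preview the changes.
#>
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$VerifiedSuffix = 'contoso.com',                # placeholder: verified Azure AD domain
    [string]$SearchBase     = 'OU=Staff,DC=corp,DC=local',  # placeholder: OU to scan
    [switch]$Fix
)

Import-Module ActiveDirectory

# The verified domain must be a registered UPN suffix on the forest before users can carry it.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $VerifiedSuffix -and $forest.Domains -notcontains $VerifiedSuffix) {
    Write-Warning "'$VerifiedSuffix' is not a registered UPN suffix in forest $($forest.Name)."
    Write-Warning "Register it first with: Set-ADForest -Identity $($forest.Name) -UPNSuffixes @{Add='$VerifiedSuffix'}"
}

# Collect every enabled user whose UPN suffix is something other than the verified domain
# (for example a non-routable suffix such as corp.local, which Azure AD replaces with onmicrosoft.com).
$mismatched = Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase -Properties UserPrincipalName |
    Where-Object {
        $_.UserPrincipalName -and ($_.UserPrincipalName.Split('@')[1] -ne $VerifiedSuffix)
    }

# Review table: current UPN beside the UPN the script would assign.
$mismatched |
    Select-Object SamAccountName, UserPrincipalName,
        @{ Name = 'ProposedUPN'; Expression = { $_.UserPrincipalName.Split('@')[0] + '@' + $VerifiedSuffix } } |
    Format-Table -AutoSize

Write-Host ("{0} user(s) with a mismatched UPN suffix under {1}" -f @($mismatched).Count, $SearchBase)

# Only rewrite UPNs when explicitly asked; ShouldProcess honours -WhatIf and -Confirm.
if ($Fix) {
    foreach ($user in $mismatched) {
        $newUpn = $user.UserPrincipalName.Split('@')[0] + '@' + $VerifiedSuffix
        if ($PSCmdlet.ShouldProcess($user.SamAccountName, "Set UserPrincipalName to $newUpn")) {
            Set-ADUser -Identity $user -UserPrincipalName $newUpn
        }
    }
}
```

The script keeps the user's existing UPN prefix and changes only the suffix, which is the minimal change needed for the on-premises value to match the Azure AD value once Azure AD Connect runs its next synchronisation cycle. Reviewing the report before running with `-Fix` lets you spot users whose prefix collides with an existing Azure AD account, which would otherwise surface as a sync error rather than a working sign-in.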