Make Azure MFA work on ADFS when Alternate login ID enabled
We have just tested the Azure MFA (cloud version) integration with ADFS. In ADFS we have the email as Alternate Login ID and our users are synced to Azure AD using the UPN value.
Well, MFA works for all the users with the same UPN/email value, but for users with different UPN and email values, MFA fails. Basically ADFS tries to locate the user for Azure MFA using the Alternate Login ID (the email) and, as our users are synced to Azure AD using the UPN value, ADFS throws an exception saying that the user was not found in Azure AD and MFA is not enabled. Obviously authentication fails.
We raised a ticket to our Azure Premium Support team and they said this is not currently supported.
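As an added example (not part of the original post or any Microsoft guidance), the following PowerShell script inventories the accounts affected by the situation described above: on-premises users whose mail attribute (the Alternate Login ID) differs from their UPN (the value synced to Azure AD). It assumes the ActiveDirectory and ADFS RSAT modules are available and that it runs on or against an ADFS server with permission to read user objects; the output file name is a constructed example.

```powershell
# Added example: list on-prem AD users whose UPN and mail differ, i.e. the
# accounts that fail Azure MFA when ADFS uses the mail attribute as
# Alternate Login ID but Azure AD only knows the synced UPN.
# Assumes the ActiveDirectory and ADFS modules are present (assumption).
Import-Module ActiveDirectory

# Show how ADFS is currently configured for Alternate Login ID.
$adfs = Get-AdfsProperties
"AlternateLoginID : $($adfs.AlternateLoginID)"
"LookupForests    : $($adfs.LookupForests -join ', ')"

# Enabled users with a mail attribute that differs from their UPN.
# -ne is case-insensitive in PowerShell, so only real mismatches are reported.
$mismatched = Get-ADUser -Filter 'Enabled -eq $true -and mail -like "*"' `
    -Properties mail, UserPrincipalName |
    Where-Object { $_.mail -ne $_.UserPrincipalName } |
    Select-Object SamAccountName, UserPrincipalName, mail

"$(@($mismatched).Count) enabled user(s) with mail <> UPN:"
$mismatched | Format-Table -AutoSize

# Optional: export the list for impact assessment or a support ticket
# (constructed file name).
$mismatched | Export-Csv -Path .\upn-mail-mismatch.csv -NoTypeInformation
```

Run it before enabling Azure MFA on ADFS to size the affected population; an empty result means every user's Alternate Login ID matches the UPN that Azure AD will be asked to resolve.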