Enable UPN suffixes of on-premise domains to be synchronised to Azure AD and be used with the Seamless SSO feature
Currently any UPN suffixes in an on-premise domain are not picked up in the Seamless SSO domains feature of the Azure AD Connect. It would be great if UPN suffixes could be added to the Seamless SSO domains, as they are picked up by Azure AD Connect and uploaded to Azure AD as a user's UPN anyway.
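As an added example (not part of the request above and not Microsoft's own tooling), the following PowerShell inventories which UPN suffixes the users in your forest actually carry and classifies each as a forest domain name, a registered alternate UPN suffix, or something not registered at all. That inventory is what you need in hand before comparing against the domains Azure AD Connect shows for Seamless SSO. It assumes the RSAT ActiveDirectory module and an account with read access to user objects; the classification comes only from the forest's own data.

```powershell
# Added example: inventory UPN suffixes in use on-premises.
# Assumes the ActiveDirectory module (RSAT) and read access to user objects.
Import-Module ActiveDirectory

$forest = Get-ADForest
# DNS names of the forest's domains (e.g. corp.example.local)
$domainSuffixes = $forest.Domains
# Alternate UPN suffixes registered in Active Directory Domains and Trusts
$altSuffixes = $forest.UPNSuffixes

# Group every user by the part of the UPN after '@'
$inUse = Get-ADUser -Filter 'UserPrincipalName -like "*"' -Properties UserPrincipalName |
    ForEach-Object { ($_.UserPrincipalName -split '@')[1] } |
    Group-Object |
    Sort-Object Count -Descending

foreach ($g in $inUse) {
    $kind = if ($domainSuffixes -contains $g.Name) { 'forest domain' }
            elseif ($altSuffixes -contains $g.Name) { 'alternate UPN suffix' }
            else { 'not registered in forest' }
    '{0,-40} {1,6} users  {2}' -f $g.Name, $g.Count, $kind
}
```

Run it from a domain-joined admin session; suffixes reported as "alternate UPN suffix" are the ones this request is about, and any reported as "not registered in forest" deserve a look before you rely on them for sign-in.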
@Anonymous: how is Seamless SSO not built for large organisations?! So your recommendation is to move to a cloud service like Office 365 and deploy ADFS, basically making you reliant on yet another on-premises solution that you need the skills and expertise to implement correctly and manage? That is just not the recommendation, read Microsoft’s documentation. Unless you have specific requirements, like smart card authentication for example, where ADFS is the only option, Seamless SSO is perfectly suitable for any organisation.
The lack of support for UPN changes is the sole reason we did not choose User-based E3 licensing for Windows 10, which would require a hybrid AAD with our Domain. Microsoft's workaround is not realistic. https://docs.microsoft.com/en-us/azure/active-directory/devices/faq
Matt Valentine commented
Thank you for your reply, I didn't realise I was moaning, simply requesting for a feature as Azure AD Connect does pick up the UPN suffix in the Synchronisation section, just not in the SSO section.
Also, as far as I can tell from Microsoft articles, SSO is an enterprise solution, and implementing ADFS has some downsides such as being a single point of failure, requiring on-premises infrastructure, etc.
How big is your organisation? You really should consider using an enterprise solution like ADFS, seamless sign on isn't built for big business. Apply better solutions rather than moaning about ones you're not utilising properly.