Enroll Users with Non-Corporate Email Addresses in Personal Email
In certain environments, external users or contractors may be configured with a non-corporate email address in the ‘mail’ attribute (for example, a company email for the contractor organization or a personal/private email address). These users cannot use the Email Identity Service in Specops Authentication (uReset, Secure Service Desk Quick verification) as the Email Identity Service requires the recipient email domain be a verified domain managed by the end customer.
These users can instead use the Personal Email Identity Service to authenticate with these services, as the Personal Email Identity Service has no recipient restrictions.
Specops Authentication Administrators can use a PowerShell script such as the one shown below to automatically identify users with non-corporate email addresses and enroll them for Personal Email within Specops Authentication. In this example below the corporate email domain is contoso.com, we will thus start by querying for any user who has a non-@contoso.com email address.
$verbosePreference = 'continue'
get-aduser -filter { mail -notlike "*@contoso.com"} -properties mail | %{
write-verbose "enrolling $($_.sAMAccountName) with email $($_.mail)"
Add-SpecopsAuthenticationIdentityServiceEnrollment -username $_.sAMAccountName -IdentityServiceId AlternateEmail -EnrollmentProof $_.mail}
}
After the script has run, please note it may take several minutes for all system caches to clear and the Personal Email ID service to appear on the user’s enrollment.