Provisioning guidelines

To ensure that all the attributes that you want to sync with Azure Active Directory are handled properly, we recommend following these guidelines:

The proxyAddresses attribute

Email addresses, (prefixed by SMTP: for primary or smtp: for others) must be unique. There cannot be any spaces in the field.

The domain of each email address must be registered in Azure AD.

Maximum length per entry is 256 and must not contain < > ( ) ; : , [ ] “

The userPrincipalName attribute

The userPrincipalName attribute is the username in Office 365. This value must be unique.

Must be in Internet-style sign-in format with @domain, for example user@specopssoft.com.
To avoid confusion, make sure the userPrincipalName matches the user’s email address. The userPrincipalName will be used to log into services such as Outlook or Skype for Business.

The domain of the userPrincipalName must be registered in both Specops Authentication, and Azure AD for SSO to work (a user can still have email addresses on other domains that are not registered in Specops Authentication, as long as they are registered in Azure AD).

Maximum length is 113 and must not contain \ % & * + / = ? { } | < > ( ) ; : , [ ] “ or space

Other attributes

displayName: Maximum length = 255

givenName: Maximum length = 63

mail: Must be unique

mailNickname: Cannot being with period (.) and must be unique

sAMAccountName: Maximum length = 20. Must be unique. Must not contain [ \ “ | , / : < > + = ; ? * ]

For your User Objects to be compatible with Azure Active Directory, see Microsoft guidelines for further information.