Provisioning guidelines

To ensure that all the attributes that you want to sync with Microsoft Entra ID are handled properly, we recommend following these guidelines:

The proxyAddresses attribute

Email addresses, (prefixed by SMTP: for primary or smtp: for others) must be unique. There cannot be any spaces in the field.

The domain of each email address must be registered in Microsoft Entra ID.

Maximum length per entry is 256 and must not contain < > ( ) ; : , [ ] “

The userPrincipalName attribute

The userPrincipalName attribute is the username in Office 365. This value must be unique.

Must be in Internet-style sign-in format with @domain, for example user@specopssoft.com.
To avoid confusion, make sure the userPrincipalName matches the user’s email address. The userPrincipalName will be used to log into services such as Outlook or Skype for Business.

The domain of the userPrincipalName must be registered in both Specops Authentication, and Microsoft Entra ID for SSO to work (a user can still have email addresses on other domains that are not registered in Specops Authentication, as long as they are registered in Microsoft Entra ID).

Maximum length is 113 and must not contain \ % & * + / = ? { } | < > ( ) ; : , [ ] “ or space

Other attributes

displayName: Maximum length = 255

givenName: Maximum length = 63

mail: Must be unique

mailNickname: Cannot being with period (.) and must be unique

sAMAccountName: Maximum length = 20. Must be unique. Must not contain [ \ “ | , / : < > + = ; ? * ]

For your User Objects to be compatible with Microsoft Entra ID, see Microsoft guidelines for further information.