Provisioning guidelines
To ensure that all the attributes that you want to sync with Microsoft Entra ID are handled properly, we recommend following these guidelines:
The proxyAddresses attribute
Email addresses, (prefixed by SMTP: for primary or smtp: for others) must be unique. There cannot be any spaces in the field.
The domain of each email address must be registered in Microsoft Entra ID.
Maximum length per entry is 256 and must not contain < > ( ) ; : , [ ] “
The userPrincipalName attribute
The userPrincipalName attribute is the username in Office 365. This value must be unique.
Must be in Internet-style sign-in format with @domain, for example user@specopssoft.com.
To avoid confusion, make sure the userPrincipalName matches the user’s email address. The userPrincipalName will be used to log into services such as Outlook or Skype for Business.
The domain of the userPrincipalName must be registered in both Specops Authentication, and Microsoft Entra ID for SSO to work (a user can still have email addresses on other domains that are not registered in Specops Authentication, as long as they are registered in Microsoft Entra ID).
Maximum length is 113 and must not contain \ % & * + / = ? { } | < > ( ) ; : , [ ] “ or space
Other attributes
displayName: Maximum length = 255
givenName: Maximum length = 63
mail: Must be unique
mailNickname: Cannot being with period (.) and must be unique
sAMAccountName: Maximum length = 20. Must be unique. Must not contain [ \ “ | , / : < > + = ; ? * ]
For your User Objects to be compatible with Microsoft Entra ID, see Microsoft guidelines for further information.