Questions
What are the limitations when synchronizing user information from Microsoft Entra ID to Access Control?
Answer
The following limitations exist.
1. The Access Control username can only be chosen from two forms: the Microsoft Entra ID UserPrincipalName (UPN) or its local part (the value before @).
Also, the Access Control username cannot be changed later.
Example: If the user's UserPrincipalName attribute is "user@example.com", the username is created as either "user@example.com" or "user".
2. The password of Microsoft Entra ID cannot be synchronized to Access Control during user synchronization.
Therefore, after synchronization is complete, the administrator needs to set the initial password on the Access Control side.
※ Users cannot log in to Access Control until a password is set, so it must be set before the federation connection with Microsoft 365.
For how to set the password, please refer to the following articles.
Edit Access Control User Information
Batch Update Access Control Users
3. If Access Control and Microsoft Entra ID are federated, users in a federated domain cannot be created from the Microsoft Entra ID GUI.
To create users, the administrator needs to run Microsoft Graph PowerShell commands each time or synchronize user information from Active Directory.
※ The above is the specified behavior of Microsoft Entra ID, so please contact Microsoft for details.
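One way to script the per-user creation described in item 3, as an added example that is not part of the original article or taken from Microsoft's documentation. The script parameters, the sample values in the comments and the source of `$ImmutableId` (assumed to be the identifier the federated identity provider asserts for this user) are assumptions to adapt to your environment.

```powershell
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Users, Microsoft.Graph.Identity.DirectoryManagement
# Added example: create one user in a federated domain with Microsoft Graph PowerShell.
param(
    [Parameter(Mandatory)] [string] $UserPrincipalName,  # constructed sample: user@example.com
    [Parameter(Mandatory)] [string] $DisplayName,        # constructed sample: "Example User"
    [Parameter(Mandatory)] [string] $ImmutableId         # assumption: value the identity provider asserts
)
$ErrorActionPreference = 'Stop'

# Least privilege: only the scopes needed to read domains and create users.
Connect-MgGraph -Scopes 'User.ReadWrite.All', 'Domain.Read.All'

# Split the UPN into local part and domain; the local part doubles as the mail nickname.
$local, $domain = $UserPrincipalName -split '@', 2
if (-not $local -or -not $domain) { throw "Not a UPN: $UserPrincipalName" }

# Stop early if the domain is not actually federated, so a managed-domain
# account is never created with a password nobody knows.
$domainInfo = Get-MgDomain -DomainId $domain
if ($domainInfo.AuthenticationType -ne 'Federated') {
    throw "Domain '$domain' is '$($domainInfo.AuthenticationType)', not Federated."
}

# Refuse to continue if the UPN already exists (single quotes are escaped for OData).
$escapedUpn = $UserPrincipalName.Replace("'", "''")
if (Get-MgUser -Filter "userPrincipalName eq '$escapedUpn'") {
    throw "User '$UserPrincipalName' already exists."
}

# Graph requires a passwordProfile on creation. Use a random throwaway value
# that is never displayed or stored.
$bytes = [byte[]]::new(32)
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$passwordProfile = @{
    Password                      = [Convert]::ToBase64String($bytes)
    ForceChangePasswordNextSignIn = $false
}

$user = New-MgUser -UserPrincipalName $UserPrincipalName `
                   -DisplayName $DisplayName `
                   -MailNickname $local `
                   -OnPremisesImmutableId $ImmutableId `
                   -AccountEnabled `
                   -PasswordProfile $passwordProfile

# Emit what was created so the run can be logged and audited.
$user | Select-Object Id, UserPrincipalName, OnPremisesImmutableId
```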