Issues logging into Admin console

Question

Our corpoate domain is synced with Microsoft 365 using ADFS. I am unable to login to Microsoft 365 using my corporate credentials. When I try logging in, I automatically get authenticated using domain.onmicrosoft.com credential and not domain.com credential. My corporate information is getting synced with domain.onmicrosoft.com and not domain.com.

FYI, I am Global Administrator with my corporate credential i.e. domain.com and normal user with domain.onmicrosoft.com.

Answer 1

It seems that the issue you are experiencing with logging into Microsoft 365 using your corporate credentials may be related to the federation setup with ADFS. When your corporate domain is synced with Microsoft 365 using ADFS, it's important to ensure that the federation trust is correctly configured.

Here are some potential causes and solutions for your issue:

1. Federation Trust: Check if there is a federation trust between Microsoft Entra ID (formerly Azure AD) and your ADFS server. You can run the Get-msoldomain cmdlet from Azure AD PowerShell to verify if your domain is federated. If it is, its authentication property should display as Federated.
2. Domain Configuration: Ensure that the domain.com is properly configured in your ADFS settings. If there are issues with the Issuance Transform rules or if the domain is not correctly federated, it could lead to the behavior you're experiencing.
3. Directory Synchronization: If directory synchronization issues are present, they may prevent proper user account configuration on-premises from syncing to Microsoft Entra ID. Make sure that the same Microsoft 365 user account is created for each on-premises user account.
4. Subdomain Issues: If your corporate domain has subdomains, ensure that they are correctly set up and that the federation status is consistent across the parent and subdomains.

If these steps do not resolve the issue, you may want to consult with your IT administrator for further assistance in troubleshooting the federation and synchronization settings.

---

References:

• Troubleshoot account issues for federated users in Microsoft 365, Azure, or Intune
• You can't sign in to Microsoft 365 from multiple federated domains
• Troubleshoot AD FS issues in Microsoft Entra ID and Office 365

Answer 2

@Fazal Ur Rehman Shah | فضل الرحمن شاة

Thank you for posting this in Microsoft Q&A.

As I understand you are syncing users from on-premises to Microsoft 365. You also have ADFS in your environment. When user authenticates, they are authenticated using domain.onmicrosoft.com domain.

I wanted to check What is the user's UPN shown in Microsoft 365 after you have synced to Microsoft 365.if the UPN is set to domain.onmicrosoft.com then by default azure will authenticate the user.

If you have federated the domain.com with ADFS and if user passes the UPN as domain.com then user authentication will happen using your on-premises via ADFS.

In your case there can be only 2 possibilities due to which authentication is happening in Azure that is as below,

• If is entering UPN as domain.onmicrosoft.com.
• Or the domain.com is not federated with ADFS properly.

If you have any questions we can work on this offline. You can check the Private message option on top of this thread and follow instructions to work offline.

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.