When creating users with the Entra ID integration, we would like to use the Personio email address field to create the UPN in Entra. However, when we do this, we receive an error message in the sync monitoring:
{"error":{"code":"Request_BadRequest","message":"The domain portion of the userPrincipalName property is invalid. You must use one of the verified domain names in your organization.","details":[{"code":"InvalidValue","message":"The domain portion of the userPrincipalName property is invalid. You must use one of the verified domain names in your organization.","target":"userPrincipalName"}],"
This is what the configuration looks like:

Is there any way to achieve that?

It looks like the error states that you are facing a domain issue, verification-wise.
This can stop you from creating users, for example.

Check that the domain is verified on the Entra side.
Link on how to verify your domain on the Entra ID side.
Link to troubleshooting article.

The domain portion of the userPrincipalName property is invalid. You must use one of the verified domain names in your organization. Make sure the domain you're using to create the user is on the list of verified domains in the Microsoft Entra admin center. The status of the domain needs to be Verified. If you've verified the domain status, see whether the domain is Federated (has a checkmark) or Managed (doesn't have a checkmark). You can only create users in Microsoft Entra ID for managed domains. For federated domains, you must create the user on the identity provider (IdP), and then sync to Microsoft Entra ID. You can't assign a federated domain to a user.

That's not the problem.

Of course, the domain is verified.

I've since been able to solve the problem myself. You can't use "Pre-assign email addresses" when assigning attributes. If you set the field to "Email," it works as expected. Unfortunately, this isn't sufficiently documented.

