"Mixing" Mail-created users with MS 365?


  • Used Zammad version: 5.2.3
  • Used Zammad installation type: Debian package
  • Operating system: Debian 11
  • Browser + version: Firefox, Chrome, Edge

Expected behavior:

  • User first send an E-Mail to the Helpdesk, Zammad creates a user
  • Users learn that Zammad has a nice Web UI and instead communicating via mail, they want to sign into Zammad, when they try using the Microsoft Sign-In Button they will be greeted with an error as described below.

Actual behavior:

  • Using the Microsoft SSO they get the error: 422: The change you wanted was rejected. - Validation failed: Email address xyz@example.org’ is already used for other user."

Steps to reproduce the behavior:

  • Send an e-Mail to a Mailbox/Channel monitored by Zammad
  • User gets created with Login as their Mail address (and their Mail address as … their contact)
  • Users want to use the MS SSO

If they first sign into Zammad via SSO, things work as their AAD ObjectID will be stored in Zammad as “Login”.

My question would be if we can tell Zammad to not use the Azure AD object ID as “Login”, but rather their e-Mail (if that can be reconfigured).

Wouldn’t the selection on the third-party login settings page do the trick for you?

“Settings” → “Security” → “Third-party Login” → first selection to yes

Hi @ChibangLW thank you very much … that seems to do the trick.

Honestly I should have seen this but I oversaw the option and scrolled straight down to the “Authentication via Microsoft” section!

This topic was automatically closed 120 days after the last reply. New replies are no longer allowed.