Skip to content
English
Q7LEADER
  • There are no suggestions because the search field is empty.

Administrator - SSO Login Issues (UPN vs Email Address)

This article explains why some users cannot log in with SSO and how to resolve it.

In this article, you will learn:

  • Why some users are unable to log in with SSO

  • What a UPN is and how it differs from a regular email address

  • How to resolve login issues caused by mismatched UPNs

Why are some users unable to log in with SSO?

Because the email stored in Q7Leader does not match the user’s UPN (User Principal Name) in your identity system (e.g., Entra ID / Azure AD).

The UPN is what SSO uses to authenticate. If it differs from the “normal” email address, the login will fail.

What is a UPN?

A UPN looks like an email address but is mainly used for login.

It can differ from the email address people use to send/receive mail every day, and it can appear differently for multiple people.

This is normal for evolving companies (e.g., transitioning to .com email addresses, M&A scenarios, etc.).

Example:

  • Standard email address structure used to send and receive emails: firstname.lastname@company.com
  • UPN used for SSO for some people in the organisation historically: flastname@company.com

How to fix this? 

  • Option 1 — Use the UPN as the email in Q7Leader (most common & easiest)

If the UPN is also a functional email address (it receives emails), you can simply update the user in Q7Leader to use their UPN.

If your UPN does not receive emails, this is an issue because those users will not receive any platform notifications, even though they may still be able to log in. Situations like this need to be resolved internally.

Example:
A user cannot log in.
  • In Q7Leader, they are registered as: firstname.lastname@company.com
  • But their UPN in Azure is: flastname@company.com

To fix this, update their Q7Leader email to flastname@company.com (the UPN). After this, SSO works immediately.

User email addresses must be updated manually, one by one.

Note: Some employees will have a slightly different email format in Q7Leader than others. This is fine and does not cause issues. As long as when SSO is set in place, their access in MyQ7Leader is attached to their UPN email address
  • Option 2 — Change all UPNs to a standard format

This is often only used when the organisation plans a larger clean-up (e.g., moving everyone to firstname.lastname@company.com).

This affects how people log in to laptops and other applications, so it’s rarely chosen solely for Q7Leader.

What do most customers do?

Almost everyone chooses Option 1 because it’s quick, low-impact, and solves the issue immediately.