SAML login via e-mail address using Azure

Hello everyone,

I’m currently trying to implement Single Sign-on using SAML and Azure.

There are users in the local database who have previously logged in with their user name in the format “company_lastname”.
With SAML, it should no longer be possible to log in with the user name, but only with the e-mail address as this is the unique identifier in Azure.

Is it even possible for Nextcloud, more precisely, for the user_saml app to allow a customer user to log in via SAML with their e-mail address + password instead of username + password? If not, this would mean that the user name would have to be changed to the e-mail address for all customer users, right?

So far I have configured the user_saml app so that the login page redirects to Microsoft correctly. But if a user now tries to log in, depending on the app configuration, either the message “Your account is not provisioned, access to this service is thus not possible” appears or the user cannot be found and is created automatically with the e-mail address as the user name.
Another question would therefore be whether and how automatic creation can be prevented.

Thanks in advance
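The core of the question is account linking: the IdP identifies the user by e-mail, the local database identifies them by "company_lastname", and the login layer has to bridge the two without silently creating new accounts. The following Python sketch, added here as an illustration and not code from the original post or from the user_saml app, shows the decision a SAML login handler should make for that situation: look up the e-mail attribute against existing local users, refuse when there is no match (no auto-provisioning), and also refuse when the e-mail is not unique locally, since linking on an ambiguous e-mail would let one IdP identity reach another user's data. The local user table, the function names and the attribute dictionary are constructed for the example; the claim name is the standard Azure AD e-mail claim URI.

```python
"""Map a SAML e-mail claim onto an existing local account, refusing to auto-create.

Added example (not code from the original post or the user_saml app).
LOCAL_USERS and the assertion attributes below are constructed sample data.
"""
from dataclasses import dataclass
from typing import Dict, List, Sequence, Tuple

# Standard e-mail claim name emitted by Azure AD in SAML responses.
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"


@dataclass(frozen=True)
class LocalUser:
    uid: str    # legacy login name in the "company_lastname" scheme
    email: str  # e-mail stored for that account


class SamlLoginError(Exception):
    """Raised instead of provisioning a new account."""


# Constructed local database; the third entry deliberately reuses an e-mail
# address so that the ambiguity path can be exercised.
LOCAL_USERS: List[LocalUser] = [
    LocalUser("acme_smith", "j.smith@acme.example"),
    LocalUser("acme_jones", "p.jones@acme.example"),
    LocalUser("globex_smith", "J.Smith@acme.example"),
]


def normalize_email(value: str) -> str:
    """Compare e-mails case-insensitively; IdPs are not consistent about case."""
    return value.strip().lower()


def resolve_local_user(attributes: Dict[str, Sequence[str]],
                       users: Sequence[LocalUser],
                       email_claim: str = EMAIL_CLAIM) -> LocalUser:
    """Return the single existing local user whose e-mail matches the assertion.

    SAML attributes are multi-valued, so exactly one value is required. Any
    failure raises SamlLoginError rather than creating an account.
    """
    values = list(attributes.get(email_claim, []))
    if len(values) != 1:
        raise SamlLoginError(f"claim {email_claim!r} missing or multi-valued")
    wanted = normalize_email(values[0])
    matches = [u for u in users if normalize_email(u.email) == wanted]
    if not matches:
        # Equivalent of "account is not provisioned": do not auto-create.
        raise SamlLoginError("no existing account for this e-mail; not provisioning")
    if len(matches) > 1:
        uids = ", ".join(sorted(u.uid for u in matches))
        raise SamlLoginError(f"e-mail maps to several local accounts ({uids}); refusing to link")
    return matches[0]


def attempt_login(attributes: Dict[str, Sequence[str]]) -> Tuple[bool, str]:
    """Convenience wrapper: (True, uid) on success, (False, reason) otherwise."""
    try:
        return True, resolve_local_user(attributes, LOCAL_USERS).uid
    except SamlLoginError as exc:
        return False, str(exc)


if __name__ == "__main__":
    for sample in (
        {EMAIL_CLAIM: ["P.Jones@acme.example"]},   # links to acme_jones
        {EMAIL_CLAIM: ["nobody@acme.example"]},    # unknown: not provisioned
        {EMAIL_CLAIM: ["j.smith@acme.example"]},   # ambiguous: refused
        {},                                        # claim missing: refused
    ):
        print(attempt_login(sample))
```

Run with `python3 example.py`; each line printed is the outcome for one constructed assertion. The same rule applies whichever product enforces it: if the login layer cannot prove a one-to-one link between the IdP's identifier and an existing local account, the safe response is to deny the login and surface the mismatch to an administrator, not to create a fresh account whose name happens to be the e-mail address.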