SSO&SAML Authenitication AzureAD attribute

Hi everyone,

I have a Nextcloud insance with a LDAP backend. All my users are stored in a Windows AD server which is connected to Nextcloud.

However I want to change this to SAML/SSO Authentication with AzureAD. I setup an app in AzureAD and connected Nextcloud with it. It works but with one big downside…

My users are stored with the UID attribute: cn. That is Name_Surname. But when I use SAML/SSO it’s trying to use the mail attribute. When I log in with an existing account I get an error message that the account is not provisioned.

When I turn off the setting “Only allow authentication if an account exists on some other backend (e.g. LDAP).” I can login but it creates a new account with the UID and not Name_Surname.

Does anyone know how to change this?

this are my settings. The first link in General is the setting: 'Attribute to map the UID to". All online tutorials give me this link and I cant just choose an attribute myself, like cn of sAMAccountName