CloudAccess users with Office365 exchange entitlement missing apostrophe in email address

  • 7017508
  • 15-Apr-2016
  • 15-Apr-2016

Environment

NetIQ Cloud Access 2.3
Office365 Connector enabled

Situation

CloudAccess setup with Office365 and working fine - users get provisioned from the local user store to NetIQ CloudAccess (NCA), and can single sign on to office365 apps. One particular user had an apostrophe in his name and could not receive any emails.

Let's add user Rick O'Shea to AD (samAccountName ro'shea, email ro'shea@ag4c.net. This synchronises into NCA: (looked at the user via ldapsearch)

> dn: cn=roshea,ou=users,o=data
> cn: ro'shea
> cn: roshea

At this point, the user can log into the NCA appliance with ro'shea, roshea, or ro'shea@ag4c.net without issues.

After adding the user to an office 365 policy mapped group to get him provisioned to O365, we confirm he is provisioned to Office365. Since we use the immutableID with the saml assertion for SSO, his UPN doesn't really matter too much at this point, but here's his current O365 info:

> upn: roshea@ag4c.net
> DisplayName: Rick O'Shea
> Firstname: Rick

Next we added the exchange entitlement to Rick's group to give him an O365 exchange mailbox: His email address is: roshea@ag4c.net  (no apostrophe) and I can send email to this address. With the apostrophe included, it fails naturally because the email recipient "ro'shea" doesn't really exist.

Resolution

By default, the apostrophe will be stripped in the Office365 exchange mailbox. As long as the admin/user knows that the apostrophe will be stripped in the O365 exchange mailbox, everything will work fine.

Additional Information

In the next version of CloudAccess (3.0), the admin will have the ability to change the 'provisioning naming style' for the O365 users to something like firstname.lastname. In the fname.lastname case for 3.0, the user exchange accounts in o365 would look like rick.o'shea@ag4c.net and you would be able to send email to that address with the apostrophe.