We have two on-prem domains; Domain A and Domain B. Domain A is our primary domain and syncs with Azure AD. Domain B contains accounts created for external users and is used to allow those external users to authenticate against the domain for services our company utilizes; Domain B does not sync with Azure AD. We utilize the self-service password reset functionality for both domains and use the "Email" property as a username.
Recently, we've upgraded to Adaxes 2023 and added our Azure infrastructure as a managed domain to Adaxes. In Azure AD we also have external user / guest accounts added to our tenancy.
After adding Azure as a managed domain we are starting to experience an issue when Domain B users attempt to log in to the self-service password portal with the error:
The username is ambiguous. There is more than one account with the specified username
This is being caused by users having accounts in both Domain B (which does not sync with Azure) and Azure AD with the same email address. At this time we are unable to remove or combine either account, change the email addresses, or require the Domain B user principal name as the login name.
Domain B users will never need to reset their Azure AD guest account password via Adaxes self service. Is there a way to fully exclude the newly-added Azure AD managed domain from being evaluated as an authentication source during self service login so that, when a Domain B user attempts to authenticate, they are only authenticating against the Domain B on-prem domain?
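The following is an added example, not code from the original post and not part of Adaxes. It audits the root cause described above: which Domain B accounts share an email address with an Azure AD account, so that the exact set of login values that will be reported as ambiguous is known before any configuration change. It assumes the RSAT ActiveDirectory module and the Microsoft.Graph.Users module are installed, that the account running it can read both directories, and a hypothetical Domain B domain controller name `dc1.domainb.example`.

```powershell
# Added example (not from the original post, not part of Adaxes).
# Lists every email address that resolves to more than one account across
# Domain B (on-prem, not synced) and Azure AD, i.e. the values that will fail
# self-service login with "The username is ambiguous" when Email is the username.
#Requires -Modules ActiveDirectory, Microsoft.Graph.Users
param(
    # Assumed name; replace with a real Domain B domain controller.
    [string]$DomainBServer = 'dc1.domainb.example'
)

function Normalize-Login {
    param([string]$Value)
    # Directory lookups by email are case-insensitive; compare on a canonical form.
    if ([string]::IsNullOrWhiteSpace($Value)) { return $null }
    return $Value.Trim().ToLowerInvariant()
}

# Domain B: every enabled account that has a mail attribute set.
$domainB = Get-ADUser -Server $DomainBServer -Filter 'mail -like "*"' -Properties mail |
    Where-Object { $_.Enabled } |
    ForEach-Object {
        [pscustomobject]@{
            Source = 'DomainB'
            Login  = Normalize-Login $_.mail
            Id     = $_.UserPrincipalName
        }
    }

# Azure AD: members and guests. Guest objects frequently have no Mail value and
# carry the invited address in OtherMails, so both are considered.
Connect-MgGraph -Scopes 'User.Read.All'
$azure = Get-MgUser -All -Property Id,UserPrincipalName,Mail,OtherMails,UserType |
    ForEach-Object {
        $u = $_
        $addresses = @($u.Mail) + @($u.OtherMails) |
            ForEach-Object { Normalize-Login $_ } |
            Where-Object { $_ } |
            Select-Object -Unique
        foreach ($a in $addresses) {
            [pscustomobject]@{
                Source = "AzureAD($($u.UserType))"
                Login  = $a
                Id     = $u.UserPrincipalName
            }
        }
    }

# A login value is ambiguous when it matches accounts in more than one source
# (a user appearing only once per source is fine; the collision is cross-directory).
$collisions = @($domainB) + @($azure) |
    Where-Object { $_.Login } |
    Group-Object Login |
    Where-Object {
        $_.Count -gt 1 -and @($_.Group.Source | Select-Object -Unique).Count -gt 1
    }

foreach ($c in $collisions) {
    "$($c.Name):"
    $c.Group | ForEach-Object { "    $($_.Source)  $($_.Id)" }
}
"{0} ambiguous login value(s) found" -f @($collisions).Count
```

Run it from a host that can reach a Domain B domain controller and has Graph consent for `User.Read.All`. The output is the list of email values that Adaxes cannot resolve to a single account while the Azure AD managed domain is in scope; it is also the list to re-check after any change to the self-service authentication settings, because a single remaining collision is enough to reproduce the error for that user.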