Hi, Loreto. "saMAccountName" is perfectly legit and we've never had an issue reported where it couldn't been used. The only caveat is that you can't use it in multi-domain AD environment as it's only guaranteed to be unique within a domain, and key attribute you choose for CR must be unique globally. For such cases upn or email attributes are better choice. The only case when you can lose locally created accounts (what includes the default admin account, but also user entries auto-enrolled by authentication scripts, and the ones you created manually on "Manage people" page) is if you unset "Keep external persons" property on CR's main page. It is set by default. By changing properties on "Manage authentication" page, you usually configure Gluu to use your AD LDAP server for auth, that's why you can't use local admin anymore. Also, before you fully switch to using it, you first need to go to "Manage groups" page and make sure you add some users imported from AD to "Gluu Manager Group"

I manage to authenticate both local admin and my new MS AD new admin. https://photos.app.goo.gl/dJsaWWQtTxzdiLNJ6 I still can't use the sAMAccountName Attribute of MS AD. I tried many many times. On both Cache refresh and Manage authentication. It wont work.. tried several times. so i stick to primary key and secondary key to " UID" in MS AD Attrib. https://photos.app.goo.gl/CrHAYFWETGufhgJs7 https://photos.app.goo.gl/YZgBWAaj1juqNyKYA I think i like this way or design.At least i controlled who can have a SSO in my Gluu system. You may closed the ticket now.. thanks to great support. Cheers, Loreto