I am admin for our msp portal and our nfr portal, i deployed a DAG in our nfr portal, and created 2 applications for duo admin panel - SAML.
1 for MSP and 1 for NFR

I can SSO into our MSP portal as this uses my primary email and does not need custom attribute mapping.

For our NFR i use an email alias which is the same as my userprincipalname (synced with directory sync) so at the attribute field i enter userprincipalname as the attribute containing the mail address.
i now get an error that there is no admin account for “primary emailaddress” which is correct but i think the attribute mapping does not work it should be “userprincipalname” or “alias3”.

is this even possible?

a user residing in 2 different company’s works fine with the same email address, while admins need to have an unique email address