Authentication Using UPN Name
By default, the People Planner Windows Application uses the Down-Level Logon Name for Windows Authentication.
In version 3.7.1, an option was added to use the User Principal Name (UPN) instead.
The Use UPN name for Authentication option is located in the Web Admin Tool. If you select this setting, People Planner retrieves the UPN of the currently logged-in user at startup, rather than the Windows account name.
In some rare setups, and under special situations, such as using an SSO solution to access People Planner via Citrix, an issue can arise with the length of user names in the Active Directory (AD). For example:
- A user logs in to Citrix with their remote identity provider credentials, such as Azure Active Directory. This user also has a shadow account in the Citrix local AD so that they can launch the People Planner application. The shadow account has a separate UPN suffix that matches the remote domain name in Azure.
- The user's account in Azure is JonathanBakerSmithIII@ABCManufacturing.com.
- His account in the Citrix local AD is as follows:
  - Primary domain: <Local AD domain name>
  - Windows user name (SamAccountName): JonathanBakerSmithIII
  - UPN: JonathanBakerSmithIII@ABCManufacturing.com (ABCManufacturing.com is the UPN suffix)
When shadow accounts are created, the SamAccountName (the user name) in the local AD is limited to 20 characters. This is a problem if user names in Azure are longer than 20 characters, as "JonathanBakerSmithIII" is, at 21 characters. When People Planner retrieves the Windows account user name, it gets the truncated user name; as a result, validating that name against the database, which has the full name, fails.
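To find accounts affected by this before enabling or relying on either logon-name mode, the following added example (not part of People Planner or its documentation) flags accounts whose UPN prefix exceeds the 20-character limit or differs from the SamAccountName. The function name, the truncated SamAccountName value, and the second sample account are constructed for illustration.

```powershell
# Added example: flag accounts whose UPN prefix cannot fit in SamAccountName
# or no longer matches it. The 20-character limit and the first sample user
# come from the text above; Find-TruncatedLogonName is a hypothetical name.

function Find-TruncatedLogonName {
    [CmdletBinding()]
    param(
        # Any object exposing SamAccountName and UserPrincipalName properties
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Account,

        [int]$SamLimit = 20
    )
    process {
        $upn = [string]$Account.UserPrincipalName
        # Skip accounts that have no usable UPN
        if ([string]::IsNullOrWhiteSpace($upn) -or $upn -notmatch '@') { return }

        # The UPN prefix is everything before the last '@'
        $prefix = $upn.Substring(0, $upn.LastIndexOf('@'))
        $sam    = [string]$Account.SamAccountName

        # -ne compares strings case-insensitively, as AD does for these names
        if ($prefix.Length -gt $SamLimit -or $prefix -ne $sam) {
            [pscustomobject]@{
                SamAccountName    = $sam
                UserPrincipalName = $upn
                PrefixLength      = $prefix.Length
                ExceedsSamLimit   = $prefix.Length -gt $SamLimit
            }
        }
    }
}

# Constructed sample accounts: the first mirrors the truncated shadow account
# described above, the second is a short name that is unaffected.
$sample = @(
    [pscustomobject]@{ SamAccountName    = 'JonathanBakerSmithII'
                       UserPrincipalName = 'JonathanBakerSmithIII@ABCManufacturing.com' }
    [pscustomobject]@{ SamAccountName    = 'AnnLee'
                       UserPrincipalName = 'AnnLee@ABCManufacturing.com' }
)
$sample | Find-TruncatedLogonName | Format-Table -AutoSize

# Against a live directory (requires the ActiveDirectory module):
# Get-ADUser -Filter * | Find-TruncatedLogonName
```

Only the first sample account is reported, with a prefix length of 21 and ExceedsSamLimit set to True.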