A new user is created in VIP Manager using the userPrincipalName attribute from Azure during an MFA login using the Azure conditional access flow.
(Source: VIP Azure integration guide)
The Azure UserPrincipalName (UPN) attribute value is the Azure AD username for the user accounts and is used by Azure AD to allow users to sign in.
When Symantec VIP MFA is integrated:
If a user already exists in VIP Manager where their User ID is (for example) their samAccountName, a condition now exists where a single user has multiple usernames\credentials in VIP Manager.
Adjust the VIP settings to send the same VIP User ID for each VIP-protected application they are logging into.
For example, if the VIP Enterprise Gateway is sending the AD LDAP attribute 'samAccountName' as the VIP User Name Attribute...
...adjust the VIP Azure settings to send the Azure AD attribute as the VIP User ID that matches. In many cases, this is either mailNickName or onPremiseSamAccountName.
Alternatively, change the VIP User Name Attribute on your VIP Enterprise Gateway(s) to send the UserPrincipalName.
Important: This change won't affect the end-user login experience or their login ID. Only the VIP User ID mapping between your VIP EG↔VIP tenant or the VIP Conditional Access for Azure↔VIP tenant is changing to ensure that each user has a single VIP User ID regardless of the application they are logging into.