ITMS 8.7.1, 8.7.2, 8.7.3

Current functionality. This Use case was not considered originally:
User is imported from local AD and from Azure AD. What looks common between these users is a e-mail address (some other entries also - name, phone etc. but e-mail looks more useful as a merge key). 

This is a common issue we run into with user matching. We are using UserPrincipalName from the claim to match an existing user e.g. JohnDoe@example.com. The existing user in the SMP Server has sAMAccountName set as the username .e.g. JohnDoe. This user would not exist in SMP Server hence a new/duplicate user is created.

This use case has been addressed in our next release: ITMS 8.8.

New APIs were created to get the necessary resource keys. Full implementation will be available in ITMS 8.8 Release.

A Pointfix will contain the simplified version of those changes for those customer using ITMS 8.7.2 and 8.7.3 releases.
See CUMULATIVE POST ITMS 8.7.2 POINT FIXES
See CUMULATIVE POST ITMS 8.7.3 POINT FIXES

After the improvements are applied, now a user will see new Items in the SMP Console:

By default existing AD import or Cloud AD Import rules have new check-box "Custom resource keys and names" checked

More details on how this new “Custom resource keys and names” option works, please refer to KB 385966 "Controlling how local AD imported users or Azure AD imported users names are be stored in “Symantec_CMDB” database or merged by directoryid resource key"