My customer is in the process of modifying all of their UPNs to match their primary SMTP. They have a few Azure AD Directories and around 100 of the accounts they are changing the UPN are external users in the other Azure AD directories (for admin purposes). As I understand it, after adding an external user, any attribute changes are independent and not synced over after that point.
If these users have their UPN change, will they still be able to log in to the external? If so, what attribute is being used to verify the account? Is it ObjectID, liveID or something else?
Yes, it is possible.
The Azure AD external users doesn't use the ObjectID, liveID to link to the users in the orignal tenant. You can using PowerShell( get-msolUser) list and compare these proprieties. It seems that it use the internal field however I am not able to find the relative document about this.