diff --git a/test/integration/e2e_test.go b/test/integration/e2e_test.go
index 1eb8f724..fd631822 100644
--- a/test/integration/e2e_test.go
+++ b/test/integration/e2e_test.go
@@ -386,7 +386,7 @@ func TestE2EFullIntegration(t *testing.T) {
 t.Skip("LDAP integration test requires connectivity to an LDAP server")
 }
- expectedUsername := env.SupervisorUpstreamLDAP.TestUsernameAttributeValue
+ expectedUsername := env.SupervisorUpstreamLDAP.TestUserMailAttributeValue
 expectedGroups := env.SupervisorUpstreamLDAP.TestUserDirectGroupsDNs
 // Create a ClusterRoleBinding to give our test user from the upstream read-only access to the cluster.
@@ -422,7 +422,7 @@ func TestE2EFullIntegration(t *testing.T) {
 Base: env.SupervisorUpstreamLDAP.UserSearchBase,
 Filter: "",
 Attributes: idpv1alpha1.LDAPIdentityProviderUserSearchAttributes{
- Username: env.SupervisorUpstreamLDAP.TestUsernameAttributeName,
+ Username: env.SupervisorUpstreamLDAP.TestUserMailAttributeName,
 UID: env.SupervisorUpstreamLDAP.TestUserUniqueIDAttributeName,
 },
 },
diff --git a/test/integration/supervisor_login_test.go b/test/integration/supervisor_login_test.go
index bfb93886..8b449db8 100644
--- a/test/integration/supervisor_login_test.go
+++ b/test/integration/supervisor_login_test.go
@@ -128,7 +128,7 @@ func TestSupervisorLogin(t *testing.T) {
 Base: env.SupervisorUpstreamLDAP.UserSearchBase,
 Filter: "",
 Attributes: idpv1alpha1.LDAPIdentityProviderUserSearchAttributes{
- Username: env.SupervisorUpstreamLDAP.TestUsernameAttributeName,
+ Username: env.SupervisorUpstreamLDAP.TestUserMailAttributeName,
 UID: env.SupervisorUpstreamLDAP.TestUserUniqueIDAttributeName,
 },
 },
@@ -150,7 +150,7 @@ func TestSupervisorLogin(t *testing.T) {
 requestAuthorization: func(t *testing.T, downstreamAuthorizeURL, _ string, httpClient *http.Client) {
 requestAuthorizationUsingLDAPIdentityProvider(t,
 downstreamAuthorizeURL,
- env.SupervisorUpstreamLDAP.TestUsernameAttributeValue, // username to present to server during login
+ env.SupervisorUpstreamLDAP.TestUserMailAttributeValue, // username to present to server during login
 env.SupervisorUpstreamLDAP.TestUserPassword, // password to present to server during login
 httpClient,
 )
@@ -162,7 +162,7 @@ func TestSupervisorLogin(t *testing.T) {
 "&sub=" + base64.RawURLEncoding.EncodeToString([]byte(env.SupervisorUpstreamLDAP.TestUserUniqueIDAttributeValue)),
 ),
 // the ID token Username should have been pulled from the requested UserSearch.Attributes.Username attribute
- wantDownstreamIDTokenUsernameToMatch: regexp.QuoteMeta(env.SupervisorUpstreamLDAP.TestUsernameAttributeValue),
+ wantDownstreamIDTokenUsernameToMatch: regexp.QuoteMeta(env.SupervisorUpstreamLDAP.TestUserMailAttributeValue),
 wantDownstreamIDTokenGroups: env.SupervisorUpstreamLDAP.TestUserDirectGroupsDNs,
 },
 {
@@ -274,8 +274,8 @@ func TestSupervisorLogin(t *testing.T) {
 requestAuthorization: func(t *testing.T, downstreamAuthorizeURL, _ string, httpClient *http.Client) {
 requestAuthorizationUsingLDAPIdentityProvider(t,
 downstreamAuthorizeURL,
- env.SupervisorUpstreamActiveDirectory.TestUsernameAttributeValue, // username to present to server during login
- env.SupervisorUpstreamActiveDirectory.TestUserPassword, // password to present to server during login
+ env.SupervisorUpstreamActiveDirectory.TestUserSAMAccountNameValue, // username to present to server during login
+ env.SupervisorUpstreamActiveDirectory.TestUserPassword, // password to present to server during login
 httpClient,
 )
 },
@@ -286,7 +286,7 @@ func TestSupervisorLogin(t *testing.T) {
 "&sub=" + env.SupervisorUpstreamActiveDirectory.TestUserUniqueIDAttributeValue,
 ),
 // the ID token Username should have been pulled from the requested UserSearch.Attributes.Username attribute
- wantDownstreamIDTokenUsernameToMatch: regexp.QuoteMeta(env.SupervisorUpstreamActiveDirectory.TestUsernameAttributeValue),
+ wantDownstreamIDTokenUsernameToMatch: regexp.QuoteMeta(env.SupervisorUpstreamActiveDirectory.TestUserSAMAccountNameValue),
 wantDownstreamIDTokenGroups: env.SupervisorUpstreamActiveDirectory.TestUserDirectGroupsDNs,
 },
 }
diff --git a/test/testlib/env.go b/test/testlib/env.go
index 64706e58..04c770e0 100644
--- a/test/testlib/env.go
+++ b/test/testlib/env.go
@@ -92,12 +92,13 @@ type TestLDAPUpstream struct {
 TestUserDN string `json:"testUserDN"`
 TestUserCN string `json:"testUserCN"`
 TestUserPassword string `json:"testUserPassword"`
- TestUsernameAttributeName string `json:"testUserMailAttributeName"`
- TestUsernameAttributeValue string `json:"testUserMailAttributeValue"`
+ TestUserMailAttributeName string `json:"testUserMailAttributeName"`
+ TestUserMailAttributeValue string `json:"testUserMailAttributeValue"`
 TestUserUniqueIDAttributeName string `json:"testUserUniqueIDAttributeName"`
 TestUserUniqueIDAttributeValue string `json:"testUserUniqueIDAttributeValue"`
 TestUserDirectGroupsCNs []string `json:"testUserDirectGroupsCNs"`
 TestUserDirectGroupsDNs []string `json:"testUserDirectGroupsDNs"` //nolint:golint // this is "distinguished names", not "DNS"
+ TestUserSAMAccountNameValue string `json:"testUserSAMAccountNameValue"`
 }
 // ProxyEnv returns a set of environment variable strings (e.g., to combine with os.Environ()) which set up the configured test HTTP proxy.
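Review bot: The expected-username pattern in the Active Directory case, `wantDownstreamIDTokenUsernameToMatch: regexp.QuoteMeta(env.SupervisorUpstreamActiveDirectory.TestUserSAMAccountNameValue)`, is escaped but not anchored. If the code that consumes this field does a regular-expression match (it is outside this diff), an ID token username that merely contains the sAMAccountName would satisfy the assertion. Anchoring it as `"^" + regexp.QuoteMeta(env.SupervisorUpstreamActiveDirectory.TestUserSAMAccountNameValue) + "$"` makes the test pin the exact claim value; the LDAP case in the -162 hunk has the same shape. The table entry begins outside the hunk.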
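Review bot: `TestUserSAMAccountNameValue` is added to the shared `TestLDAPUpstream` struct without a comment, and after this commit the two instances built in loadEnvVars fill disjoint fields: the LDAP one sets the mail pair, the Active Directory one sets only the sAMAccountName value. A test that reads the wrong field for its upstream gets an empty string rather than a compile error. I would document that on the fields, e.g. `// TestUserMailAttributeName/Value are populated only for the LDAP upstream.` and `// TestUserSAMAccountNameValue is populated only for the Active Directory upstream.`. The struct declaration starts outside the hunk.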
@@ -261,8 +262,8 @@ func loadEnvVars(t *testing.T, result *TestEnv) {
 TestUserCN: needEnv(t, "PINNIPED_TEST_LDAP_USER_CN"),
 TestUserUniqueIDAttributeName: needEnv(t, "PINNIPED_TEST_LDAP_USER_UNIQUE_ID_ATTRIBUTE_NAME"),
 TestUserUniqueIDAttributeValue: needEnv(t, "PINNIPED_TEST_LDAP_USER_UNIQUE_ID_ATTRIBUTE_VALUE"),
- TestUsernameAttributeName: needEnv(t, "PINNIPED_TEST_LDAP_USER_EMAIL_ATTRIBUTE_NAME"),
- TestUsernameAttributeValue: needEnv(t, "PINNIPED_TEST_LDAP_USER_EMAIL_ATTRIBUTE_VALUE"),
+ TestUserMailAttributeName: needEnv(t, "PINNIPED_TEST_LDAP_USER_EMAIL_ATTRIBUTE_NAME"),
+ TestUserMailAttributeValue: needEnv(t, "PINNIPED_TEST_LDAP_USER_EMAIL_ATTRIBUTE_VALUE"),
 TestUserDirectGroupsCNs: filterEmpty(strings.Split(needEnv(t, "PINNIPED_TEST_LDAP_EXPECTED_DIRECT_GROUPS_CN"), ";")),
 TestUserDirectGroupsDNs: filterEmpty(strings.Split(needEnv(t, "PINNIPED_TEST_LDAP_EXPECTED_DIRECT_GROUPS_DN"), ";")),
 TestUserPassword: needEnv(t, "PINNIPED_TEST_LDAP_USER_PASSWORD"),
@@ -276,8 +277,7 @@ func loadEnvVars(t *testing.T, result *TestEnv) {
 TestUserPassword: wantEnv("PINNIPED_TEST_AD_USER_PASSWORD", ""),
 TestUserUniqueIDAttributeName: wantEnv("PINNIPED_TEST_AD_USER_UNIQUE_ID_ATTRIBUTE_NAME", ""),
 TestUserUniqueIDAttributeValue: wantEnv("PINNIPED_TEST_AD_USER_UNIQUE_ID_ATTRIBUTE_VALUE", ""),
- TestUsernameAttributeName: wantEnv("PINNIPED_TEST_AD_USERNAME_ATTRIBUTE_NAME", ""),
- TestUsernameAttributeValue: wantEnv("PINNIPED_TEST_AD_USERNAME_ATTRIBUTE_VALUE", ""),
+ TestUserSAMAccountNameValue: wantEnv("PINNIPED_TEST_AD_USERNAME_ATTRIBUTE_VALUE", ""),
 TestUserDirectGroupsDNs: filterEmpty(strings.Split(wantEnv("PINNIPED_TEST_AD_USER_EXPECTED_GROUPS_DN", ""), ";")),
 TestUserDirectGroupsCNs: filterEmpty(strings.Split(wantEnv("PINNIPED_TEST_AD_USER_EXPECTED_GROUPS_CN", ""), ";")),
 }
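Review bot: In the Active Directory literal of the -276 hunk, `TestUserSAMAccountNameValue` is loaded from `PINNIPED_TEST_AD_USERNAME_ATTRIBUTE_VALUE` while `PINNIPED_TEST_AD_USERNAME_ATTRIBUTE_NAME` is no longer read, so the tests now presumably assume the username attribute is sAMAccountName without anything on this line saying so. A trailing comment would record that, e.g. `// the test user's sAMAccountName; the AD tests assume this is the username attribute`. Because the default is `""`, an unset variable yields an empty login username and an empty expected-username pattern; whether the AD cases are skipped in that situation is not visible in this diff, and if they are not, a guard such as `require.NotEmpty(t, env.SupervisorUpstreamActiveDirectory.TestUserSAMAccountNameValue)` in the test would keep the assertion from passing vacuously. The struct literal starts outside the hunk.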