After setting up LDAP and getting the roles mapped, I've come to the realization that the way the logins are authenticating is frustrating.
We log in with our email address/UPN (firstname.lastname@example.org). Our SAM (domain\name) is different than our UPN (email domain does not match internal domain, and SAMs are limited to 8 characters). The way Prism handles the login is to use the second part of the SAM (name) while using the internal domain name (@domain.com). This makes no sense. The authentication should either use UPN (email@example.com) or SAM (domain\name), not some form of both.
Yes. A change was made in the way Prism tries to auth against LDAP in version 4.6.2 (that was the target patch release anyway). I'm not sure if it ever came to fruition or not as our admins just became accustomed to logging in the "odd" way.
Shout out to Nutanix for taking it to heart and attempting to do something about it tho.