Updating email if duplicate user exists

We are in the progress of migrating a database to Auth0 which contains some people having multiple users ( unique user IDs and emails across users). These people have access to multiple tenants of our application for different business customers, and currently different credentials for each tenant. Our plan is to update our mobile app to allow selection from accessible tenants (they aren’t visiting a specific domain, so we only know based on user ID). Until then, merging these accounts isn’t an option. We need unique user ID in order to know which tenant’s data to return.

In the short term, our plan is to keep these accounts separate, and prevent any user from updating their email if it already exists. Does this sound like the right approach?

In the long term, what is the best workflow for handling a user that tries to update their email address to one that already exists? Is it to delete the user of the no longer used email and merge the metadata on the user with the email that will remain? Is it to link the users (with one having a potentially no longer valid email)? I assume in either case the user would need to authenticate against the user already with the new email address in order to ensure that they are that person.

Thanks in advance for any advice.

Auth0’s built-in functionality already prevents users from changing their email to another one that already exists. E.g, trying to update an email address via the dashboard to one that already exists, I receive the following error:

The specified new email already exists

As for your situation with multi-tenant applications, you might eventually want to consolidate the multiple accounts for the same user, into a single user account. One way this can be done is to link the multiple accounts to a single primary account, and use app_metadata to store the multi-tenant information. This is outlined further in the following document: