We have a need to access the Azure-AD attribute onPremisesSamAccountName from auth0, but the value is not available from auth0. Is there a way to get this information included in the user profile when they log in? I cannot see it in the RAW JSON for the users.
Our configuration for the enterprise connection against Azure-AD looks like:
I’m afraid the Enterprise Azure AD connection type is designed to work with a specific set of claims, and everything that is not recognized (including onPremisesSamAccountName) is discarded.
As of this writing, these are the values that Auth0 will take and store (on the left is the Auth0 user profile property name, on the right is the claim name returned by Azure AD):
roles: [roles, role]
email: [email, mail]
upn: [upn, userPrincipalName]
There are two alternatives that you might want to consider:
Connecting to an Azure AD domain using a SAML connection
Connecting to an Azure AD domain using a generic OIDC connection
Both the SAML connection and the Enterprise OIDC connection will accept and store any claim/attribute sent by Azure AD. These connections don’t have any Azure AD-specific knowledge, however, so they can’t use Azure AD’s API endpoints to get the “extended profile” or user groups. Only information sent by Azure AD in the response will be used (you can always configure Azure AD to include additional claims in the ID token). Not sure these alternatives would be able to provide all the information you need, but it might be worth a try.
I’d also suggest leaving a note at https://auth0.com/feedback requesting that the onPremisesSamAccountName claim be taken from the Azure AD response if available.