I’m afraid the Enterprise Azure AD connection type is designed to work with a specific set of claims, and everything that is not recognized (including onPremisesSamAccountName) is discarded.
As of this writing, these are the values that Auth0 will take and store (on the left is the Auth0 user profile property name, on the right is the claim name returned by Azure AD):
roles: [roles, role]
email: [email, mail]
upn: [upn, userPrincipalName]
There are two alternatives that you might want to consider:
- Connecting to an Azure AD domain using a SAML connection
- Connecting to an Azure AD domain using a generic OIDC connection
Both the SAML connection and the Enterprise OIDC connection will accept and store any claim/attribute sent by Azure AD. These connections don’t have any Azure AD-specific knowledge, however, so they can’t use Azure AD’s API endpoints to get the “extended profile” or user groups. Only information sent by Azure AD in the response will be used (you can always configure Azure AD to include additional claims in the ID token). I’m not sure these alternatives would be able to provide all the information you need, but it might be worth a try.
I’d also suggest leaving a note at https://auth0.com/feedback requesting that the onPremisesSamAccountName claim be taken from the Azure AD response if available.