Adding SSO to existing users

niklas.dahlgren · October 6, 2022, 12:41pm

We are trying to add SSO with Azure AD to one of our Auth0 applications. The connection is fine, and we are able to authenticate our account. The issue we are having is that in our application (not the Auth0 application) users are granted premissions based on there Auth0 user ID (which is connected to there email address), but when activating the SSO, Auth0 creates a new Auth0 user with a new User iD, and it uses the same email that already exsist on a Auth0 user thats uses our “standard” database connection.

Is there a setting we can use so that the SSO authentication uses the already exting Auth0 user instead of creating a new Auth0 user?

john.gateley · October 6, 2022, 2:27pm

Hi @niklas.dahlgren

This is dangerous. When you make email the primary user ID, and then you have multiple connections (in your case a DB connection and the Azure AD connection), your backend implicitly links these accounts. This opens you up to account takeover hacks.

Each user should have a unique ID that is NOT tied to email. This is critical.

And then you can use Auth0’s account linking extension to safely link the Azure AD account with the DB account.

John

system · November 21, 2024, 10:51pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Link SSO accounts with already exist accounts Help sso , connections , account-linking	4	3998	February 25, 2022
Handle SSO logins for existing users Help auth0 , sso , login	1	2077	March 8, 2022
Account Linking and SSO Help user-management , account-linking	2	541	March 1, 2024
Import Users from AD to Auth0 for SSO Help connections , azure-ad-enterprise-connection	5	537	July 19, 2024
Check for existing Email/Password accounts when using SSO Help login	2	1467	December 22, 2022

Adding SSO to existing users

Related topics