Adding SSO to existing users

We are trying to add SSO with Azure AD to one of our Auth0 applications. The connection is fine, and we are able to authenticate our account. The issue we are having is that in our application (not the Auth0 application) users are granted permissions based on their Auth0 user ID (which is connected to their email address), but when activating the SSO, Auth0 creates a new Auth0 user with a new user ID, and it uses the same email that already exists on an Auth0 user that uses our “standard” database connection.

Is there a setting we can use so that the SSO authentication uses the already existing Auth0 user instead of creating a new Auth0 user?

Hi @niklas.dahlgren

This is dangerous. When you make email the primary user ID, and then you have multiple connections (in your case a DB connection and the Azure AD connection), your backend implicitly links these accounts. This opens you up to account takeover hacks.

Each user should have a unique ID that is NOT tied to email. This is critical.

And then you can use Auth0’s account linking extension to safely link the Azure AD account with the DB account.

John
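The two authorization strategies John contrasts, as an added example that is not part of this thread or of Auth0's own code: permissions keyed on the email claim (the question's setup) beside permissions keyed on the stable user ID with an explicit, verified link between the database identity and the Azure AD identity. All identities, `sub` values and the safeguards inside `link_accounts` are constructed assumptions, not the behaviour of the Auth0 linking extension itself.

```python
from dataclasses import dataclass, field

@dataclass
class Identity:
    sub: str             # stable Auth0 user_id, written in the "<connection>|<id>" style
    email: str
    email_verified: bool

@dataclass
class Directory:
    users: dict = field(default_factory=dict)        # sub -> Identity
    permissions: dict = field(default_factory=dict)  # sub -> set of grants
    links: dict = field(default_factory=dict)        # secondary sub -> primary sub

    def permissions_by_email(self, login: Identity) -> set:
        # Unsafe pattern from the question: any connection asserting the same
        # email inherits the grants, even when that connection never verified it.
        return {p for sub, u in self.users.items() if u.email == login.email
                for p in self.permissions.get(sub, set())}

    def permissions_by_sub(self, login: Identity) -> set:
        # Safe pattern: grants follow the stable user_id; another connection's
        # identity only resolves to the primary through an explicit link.
        primary = self.links.get(login.sub, login.sub)
        return set(self.permissions.get(primary, set()))

    def link_accounts(self, session_sub: str, primary: Identity, secondary: Identity) -> bool:
        # Assumed safeguards for the explicit linking step: the caller is logged in
        # as the primary, and both identities carry the same verified email.
        if session_sub != primary.sub:
            return False
        if not (primary.email_verified and secondary.email_verified):
            return False
        if primary.email.lower() != secondary.email.lower():
            return False
        self.links[secondary.sub] = primary.sub
        return True

def demo() -> tuple:
    d = Directory()
    alice_db = Identity("auth0|alice-db", "alice@example.com", True)       # constructed
    d.users[alice_db.sub] = alice_db
    d.permissions[alice_db.sub] = {"admin"}
    alice_aad = Identity("waad|alice-aad", "alice@example.com", True)      # constructed
    stranger = Identity("waad|other-tenant", "alice@example.com", False)   # constructed
    by_email = d.permissions_by_email(stranger)   # email match alone yields "admin"
    by_sub = d.permissions_by_sub(stranger)       # no link exists: nothing granted
    if not d.link_accounts(alice_db.sub, alice_db, alice_aad):
        raise RuntimeError("linking should succeed for a verified, matching email")
    linked = d.permissions_by_sub(alice_aad)      # linked identity shares one grant set
    return by_email, by_sub, linked
```

Auditing which of the two lookups your backend performs is the quickest way to tell whether the duplicate user reported in the question is a nuisance or an exposure.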
