Adding SSO to existing users

niklas.dahlgren · October 6, 2022, 12:41pm

We are trying to add SSO with Azure AD to one of our Auth0 applications. The connection is fine, and we are able to authenticate our account. The issue we are having is that in our application (not the Auth0 application) users are granted premissions based on there Auth0 user ID (which is connected to there email address), but when activating the SSO, Auth0 creates a new Auth0 user with a new User iD, and it uses the same email that already exsist on a Auth0 user thats uses our “standard” database connection.

Is there a setting we can use so that the SSO authentication uses the already exting Auth0 user instead of creating a new Auth0 user?

john.gateley · October 6, 2022, 2:27pm

Hi @niklas.dahlgren

This is dangerous. When you make email the primary user ID, and then you have multiple connections (in your case a DB connection and the Azure AD connection), your backend implicitly links these accounts. This opens you up to account takeover hacks.

Each user should have a unique ID that is NOT tied to email. This is critical.

And then you can use Auth0’s account linking extension to safely link the Azure AD account with the DB account.

John

Topic		Replies	Views
Link SSO accounts with already exist accounts Help sso , connections , account-linking	4	3983	February 25, 2022
Handle SSO logins for existing users Help auth0 , sso , login	1	2076	March 8, 2022
Account Linking and SSO Help user-management , account-linking	2	523	March 1, 2024
Import Users from AD to Auth0 for SSO Help connections , azure-ad-enterprise-connection	5	512	July 19, 2024
Linking passwordless email identity to primary identity Help actions	2	1543	January 29, 2023

Adding SSO to existing users

Related Topics