Auth0 Federated User Claims

Hello -

We have configured our Auth0 tenant to use an Enterprise connection to Microsoft Azure AD based on the Identifier First flow for some users (based on email domain) and other users are using Auth0 local accounts. The steps we used to establish Azure AD enterprise connection are outlined at Connect Your Native App to Microsoft Azure Active Directory Using Resource Owner Flow.

Consider the following two flows:

  • Secure Resource Request => Auth0 => “Enterprise.com” id first recognized => Azure AD => LOGIN => Auth0 w/ claims => Secure resource

vs

  • Secure Resource Request => Auth0 => “abc123.com” (no id first flow) => Auth0 Local Account LOGIN => Secure resource

How can our secure resource application know which flow the user took? We cannot locate any claim data to hint that the user logged into an “enterprise connection”, e.g. no claims exist that the user logged in via Azure AD.

Hey there @matt.scachette!

My initial reaction is to take a look at the sub claim: if a user has federated through Azure AD this would result in a sub claim like waad|user_id, whereas if Auth0 it would be auth0|user_id.

Alternatively, you could certainly hook into an Action. For example, in a Post Login Action you have available to you the event object which contains an event.connection.strategy where this information will also be available.

Let me know if I didn’t understand your question correctly - Hope this helps!
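As an added example (not code from this thread or from Auth0), here are both checks the reply describes: a resource-side helper that classifies the sub prefix, and the body of a Post Login Action that copies event.connection.strategy into a namespaced custom claim so the application does not have to parse sub at all. The claim namespace URL, the sample identifiers and the stand-in api object are assumptions made so the code runs offline.

```javascript
// Added example, not from the original thread.
// Auth0 requires custom claims to be namespaced; this URL is an assumed placeholder.
const STRATEGY_CLAIM = 'https://example.com/connection_strategy';

// Resource-side check: the prefix of `sub` is the connection strategy.
// Only the two strategies named in the reply are recognised; anything else is 'unknown'.
function loginTypeFromSub(sub) {
  const sep = typeof sub === 'string' ? sub.indexOf('|') : -1;
  if (sep <= 0) return 'unknown';
  const strategy = sub.slice(0, sep);
  if (strategy === 'waad') return 'enterprise'; // federated through Azure AD
  if (strategy === 'auth0') return 'local';     // Auth0 database connection
  return 'unknown';
}

// Post Login Action body. In the Action editor this is deployed as
// `exports.onExecutePostLogin = async (event, api) => { ... }`; it is a plain
// function here so it can be called synchronously offline.
function onExecutePostLogin(event, api) {
  const strategy = event.connection && event.connection.strategy;
  if (!strategy) return; // nothing known about the connection: set no claim
  api.idToken.setCustomClaim(STRATEGY_CLAIM, strategy);
  api.accessToken.setCustomClaim(STRATEGY_CLAIM, strategy);
}

// Minimal stand-in for the Actions `api` object (assumed, for offline runs only).
function fakeActionsApi() {
  const claims = { idToken: {}, accessToken: {} };
  return {
    claims,
    idToken: { setCustomClaim: (k, v) => { claims.idToken[k] = v; } },
    accessToken: { setCustomClaim: (k, v) => { claims.accessToken[k] = v; } },
  };
}

// Run the action against a constructed login event and return the claims it set.
function simulateLogin(strategy) {
  const api = fakeActionsApi();
  onExecutePostLogin({ connection: { strategy, name: 'constructed-connection' } }, api);
  return api.claims;
}

console.log(loginTypeFromSub('waad|constructed-user-id'));   // enterprise
console.log(simulateLogin('waad').idToken[STRATEGY_CLAIM]);  // waad
```

With the claim in place, the resource application reads it directly instead of inferring the flow from the shape of sub.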