We have configured our Auth0 tenant to use an Enterprise connection to Microsoft Azure AD based on the Identifier First flow for some users (based on email domain), while other users use Auth0 local accounts. The steps we used to establish the Azure AD enterprise connection are outlined at Connect Your Native App to Microsoft Azure Active Directory Using Resource Owner Flow.
Consider the following two flows:
- Secure Resource Request => Auth0 => “Enterprise.com” id-first recognized => Azure AD => LOGIN => Auth0 w/ claims => Secure resource
- Secure Resource Request => Auth0 => “abc123.com” (no id-first flow) => Auth0 Local Account LOGIN => Secure resource
How can our secure resource application know which flow the user took? We cannot locate any claim data to hint that the user logged into an “enterprise connection”; e.g., no claims exist indicating that the user logged in via Azure AD.
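As an added example (not part of the original post, and not an answer from the Auth0 thread), the following Node.js snippet shows one way the connection information could be made visible to the resource application: a post-login Action stamps the connection name and strategy into the tokens as namespaced custom claims, and the resource side reads them back. Everything about the Action API here is assumed from Auth0's Actions documentation rather than from the post: `event.connection.name`, `event.connection.strategy`, `api.idToken.setCustomClaim`, `api.accessToken.setCustomClaim`, and that an Azure AD connection reports the strategy `"waad"`. The claim namespace, connection names and the event/api harness are constructed for the example.

```javascript
// Added example, not code from the original post or from Auth0.
// Assumed Action API surface: event.connection.name, event.connection.strategy,
// api.idToken.setCustomClaim, api.accessToken.setCustomClaim; assumed that the
// Azure AD strategy is reported as "waad" and the database strategy as "auth0".

const CLAIM_NAMESPACE = 'https://example.com/claims/'; // assumed namespace; custom claims must be namespaced URLs

// Strategies this tenant treats as "enterprise". Assumed: "waad" is Azure AD.
// Extend after checking the strategy values of the tenant's own connections.
const ENTERPRISE_STRATEGIES = new Set(['waad']);

// Core of the Action, kept synchronous so it can be exercised offline.
function stampConnectionClaims(event, api) {
  const connection = event.connection.name;   // e.g. "azure-ad" or "Username-Password-Authentication"
  const strategy = event.connection.strategy; // e.g. "waad" (Azure AD) or "auth0" (database)

  // Same two claims in both tokens so the client (ID token) and the API
  // (access token) can each decide without an extra round trip.
  for (const token of [api.idToken, api.accessToken]) {
    token.setCustomClaim(`${CLAIM_NAMESPACE}connection`, connection);
    token.setCustomClaim(`${CLAIM_NAMESPACE}strategy`, strategy);
  }
}

// Post-login Action entry point. In the Auth0 dashboard this would be written
// as `exports.onExecutePostLogin = async (event, api) => { ... }`.
async function onExecutePostLogin(event, api) {
  stampConnectionClaims(event, api);
}

// Resource-side check over decoded, signature-verified token claims.
// Returns "enterprise", "local" or "unknown"; an absent or unrecognised
// strategy is reported as unknown rather than assumed to be either flow.
function loginFlowFromClaims(claims) {
  const strategy = claims[`${CLAIM_NAMESPACE}strategy`];
  if (typeof strategy !== 'string') return 'unknown';
  if (ENTERPRISE_STRATEGIES.has(strategy)) return 'enterprise';
  if (strategy === 'auth0') return 'local';
  return 'unknown';
}

// Constructed harness: fakes the Action's event/api objects, runs the claim
// stamping, and returns the claims it would have added. Real tokens are
// signed JWTs; this only models the claim set.
function simulateLogin(connectionName, strategy) {
  const claims = {};
  const fakeToken = { setCustomClaim: (name, value) => { claims[name] = value; } };
  const event = { connection: { name: connectionName, strategy } };
  const api = { idToken: fakeToken, accessToken: fakeToken };
  stampConnectionClaims(event, api);
  return claims;
}

// End-to-end: which flow would the resource application see for a login?
function classifyLogin(connectionName, strategy) {
  return loginFlowFromClaims(simulateLogin(connectionName, strategy));
}

// Stand-alone demo with constructed connection data.
if (typeof require !== 'undefined' && require.main === module) {
  console.log('azure-ad / waad  ->', classifyLogin('azure-ad', 'waad'));
  console.log('db / auth0       ->', classifyLogin('Username-Password-Authentication', 'auth0'));
  console.log('no claim         ->', loginFlowFromClaims({}));
}
```

The resource application should only consult these claims after verifying the token signature and issuer; the "unknown" branch is deliberate so that a token minted before the Action was deployed is not silently treated as a local login.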