Avoid storing some PII data from external identity providers in Auth0

Problem statement

We are using Auth0 for federated authentication with social connections and enterprise connections.

Looking at the user records stored at the Auth0 side, we see the following attributes:

  1. Email
  2. Name
  3. Nickname
  4. Picture
  5. Preferred username

Is it possible to prevent any of these attributes from being saved on the Auth0 side?

Solution

There are a couple of different approaches for this, and which one applies depends on the connection itself.

For example, if you are using our built-in social connections, you can verify the user_data selections under the connection settings to ensure you have the correct values selected. Some IdPs might be exposing more than the minimum required user details (e.g., Facebook passes name details as a minimum); in that case, you can use the Management API to remove values not required by setting the field to null.

Another option is to deny specific attributes for the connection. For more information, see Add User Attributes to Deny List. Using this feature, you can PATCH a connection to set an option called non_persistent_attrs. This is an array of attributes that will not be stored in the profileData of a user. For example:

    "non_persistent_attrs": [
        "given_name",
        "family_name",
        "gender",
        "ethnicity"
    ]

Doing this will prevent these attributes from being written to the profileData of the user identity (as well as the root if the identity is primary).

What happens if these are introduced after a user has already logged in? The next time the user logs in, these values will be removed from profileData. If the identity is primary, they will also be removed from the user profile’s root, but only if Sync user profile attributes at each login is enabled. If you keep Sync user profile attributes at each login enabled, and set non_persistent_attrs, you can effectively do two things:

  • Prevent future user signups from including PII in the user profile.
  • Clean up existing PII on users when they attempt to log in again.
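
The Management API replaces a connection's whole options object on PATCH, so the deny list has to be merged into the options the connection already has. The following is an added example, not code from Auth0 or from the original article; the domain, token, connection ID, the helper names, and the sample connection are assumptions constructed for illustration.

```python
import json
import urllib.request


def merge_deny_list(connection, attrs):
    """Build a PATCH body that keeps every existing option and extends
    non_persistent_attrs without duplicates (input is not mutated)."""
    options = dict(connection.get("options") or {})
    merged = list(options.get("non_persistent_attrs") or [])
    for attr in attrs:
        if attr not in merged:
            merged.append(attr)
    options["non_persistent_attrs"] = merged
    # Only "options" is sent; the other connection fields stay untouched.
    return {"options": options}


def call_api(method, url, token, body=None):
    """Minimal JSON request helper for the Management API."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Authorization": f"Bearer {token}",
        "Content-Type": "application/json",
    })
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def deny_attributes(domain, token, connection_id, attrs):
    """GET the connection, merge the deny list, PATCH it back.
    The token needs the read:connections and update:connections scopes."""
    url = f"https://{domain}/api/v2/connections/{connection_id}"
    current = call_api("GET", url, token)
    return call_api("PATCH", url, token, merge_deny_list(current, attrs))


# Constructed sample of a connection as returned by GET (not real data).
SAMPLE_CONNECTION = {
    "id": "con_EXAMPLE",
    "strategy": "google-oauth2",
    "options": {"email": True, "profile": True, "scope": ["email", "profile"],
                "non_persistent_attrs": ["gender"]},
}

if __name__ == "__main__":
    wanted = ["given_name", "family_name", "gender", "ethnicity"]
    print(json.dumps(merge_deny_list(SAMPLE_CONNECTION, wanted), indent=2))
```

Running the file prints the merged PATCH body for the sample connection without contacting Auth0; deny_attributes performs the real GET and PATCH against your tenant.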