Azure AD / ADFS Toggle Button Missing from Migration Section of New Tenant

Problem statement

When attempting to configure Email verification for the Azure AD and/or ADFS connections in a recently created new tenant, the green toggle button does not display. The documentation describes a green toggle button that controls the behavior of email verification for users that are associated with Azure AD or ADFS - Azure AD/ADFS Email Verification Migration setting.

In the dashboard, when navigating to SettingsAdvancedMigrations, this toggle button is not present in the Migrations section.

Why does the green toggle button that helps control the behavior of Email verification not display when using Azure AD or ADFS?

Cause

This toggle is a legacy feature that is not present in all tenants. The specific migration that this button is relevant to concerns the way that Auth0 previously used to set the email_verified field to ‘true’ in Azure AD and ADFS connections.

Towards the end of 2020, it was announced that this behavior would be deprecated.

  • Deprecated: November 18, 2020, for Public Cloud and on December 1, 2020, for PSaaS.
  • EOL on April 30, 2021, for public cloud tenants and on May 11, 2021, for PSaaS tenants.

Solution

If using a tenant with Azure AD and ADFS connections created before this deprecation, a tenant setting will override the Connection Setting for Email Verification and keep the previous behavior. Refer to Azure AD/ADFS Email Verification Migration setting.

In these circumstances, administrators can select the desired behavior mode. As described in the documentation:

  • When this setting is disabled, email_verified will always be true for Azure AD/ADFS connections.
  • When enabled, it will use the Email Verification setting at the connection level.

If working with a new tenant created after the deprecation occurred, this green toggle button will not be present in the Migration section of the Advanced settings for the tenant. By default, new tenants now use the connection level property for all Azure AD/ADFS connections, as described in this documentation:

If the application requires that the emails from an Azure AD/ADFS connection’s users are always verified, enable the Enable email verification flow during login for Azure AD and ADFS connections option in the tenant’s Advanced Settings section.

In the dashboard, navigate to SettingsAdvanced, scroll down to the general Settings section to the toggle button to define how email verification is handled during login for Azure AD and ADFS connections.