Azure AD Enterprise Connection requires a new connection per client organisation

My required features are:

• Allow password login (email must be verified)
• Allow companies to login via Azure AD (email must NOT require verification)

My current setup:

• For each client org, create an “Organisation”
• For each client org, create a “Microsoft Azure AD Enterprise Connection” → set the domain to the client’s domain
• Link each “Organisation” to the corresponding “Enterprise Connection”

With my current setup, users will enter their email → get allocated an “Organisation” based on their email domain → be presented with configured logins (password OR their specific company’s Azure AD).

This process requires creating 1 enterprise connection per client organisation which gets expensive very quickly. Is there an alternative method that fits my requirements within auth0?

I’ve tried multiple alternatives:

• “common endpoint” prevents “email verified by default”
• using just 1 Azure AD enterprise connection requires you to specify a domain (mycompany.com)
  • This sends employee@companyb.com to the mycompany.com tenant

Hi @cfong

Welcome to the Auth0 Community!

Would setting the email verified to true by default using a PostLogin Action trigger be a viable option for your current use case?

exports.onExecutePostLogin = async (event, api) => {

  if (event.connection.name === 'Global-Azure-AD-Connection') {

    api.user.setEmailVerified(true);
  }
};

Let me know if this works for you!

Kind Regards,
Nik