Azure Connection Creates Duplicate Users when Updating App Settings

Problem statement

After updating the client ID and client secret in an Azure connection, duplicate profiles were created for returning users who logged in with that connection.

Symptoms

  • Searching for a user in the Auth0 dashboard will return two profiles
  • One profile will have a login count of 1, while the other (older) profile will typically have a higher login count

Cause

When the WAAD (Azure AD) connection uses the Identity API ‘Microsoft Identity Platform (v2)’, Auth0 uses the ‘sub’ claim sent in the Azure ID Token as the Auth0 user_id.

Because the ‘sub’ claim for a user is tied to a specific Azure App registration, when the app credentials on the WAAD connection in Auth0 were updated, the ‘sub’ claim sent by Azure also changed. Auth0 distinguishes unique users by user_id, so a new profile was created the next time each user logged in. This is expected behavior based on the current design of the WAAD (Azure AD) connection.
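To confirm that duplicate profiles in a tenant match this pattern, the following added example (not part of this article and not an Auth0 tool) groups user records exported from the Management API by email within one WAAD connection and flags the older/newer pairs described above. The connection name `contoso-waad`, the user_id values and the profile records are constructed sample data.

```python
import json
from collections import defaultdict

# Constructed sample of user profiles in the shape returned by the Auth0
# Management API (GET /api/v2/users); all values are made up for illustration.
SAMPLE_USERS = json.loads("""[
  {"user_id": "waad|old-sub-AAA", "email": "alice@example.com",
   "logins_count": 42, "created_at": "2023-01-10T09:00:00.000Z",
   "identities": [{"connection": "contoso-waad", "provider": "waad"}]},
  {"user_id": "waad|new-sub-BBB", "email": "alice@example.com",
   "logins_count": 1, "created_at": "2024-03-02T11:30:00.000Z",
   "identities": [{"connection": "contoso-waad", "provider": "waad"}]},
  {"user_id": "waad|sub-CCC", "email": "bob@example.com",
   "logins_count": 7, "created_at": "2023-05-01T08:00:00.000Z",
   "identities": [{"connection": "contoso-waad", "provider": "waad"}]},
  {"user_id": "auth0|abc123", "email": "alice@example.com",
   "logins_count": 3, "created_at": "2022-01-01T00:00:00.000Z",
   "identities": [{"connection": "Username-Password-Authentication", "provider": "auth0"}]}
]""")

def find_duplicate_profiles(users, connection):
    """Group profiles belonging to `connection` by lower-cased email and return
    the emails that have more than one profile. Profiles are ordered oldest
    first, so index 0 is the original and the rest were created later."""
    by_email = defaultdict(list)
    for u in users:
        if not any(i.get("connection") == connection for i in u.get("identities", [])):
            continue
        email = (u.get("email") or "").lower()
        if email:
            by_email[email].append(u)
    return {email: sorted(profiles, key=lambda u: u["created_at"])
            for email, profiles in by_email.items() if len(profiles) > 1}

def suspicious_pairs(users, connection):
    """Apply the symptom from the article: an older profile with a higher
    login count next to a newer profile with exactly one login. Returns
    (email, original_user_id, new_user_id) tuples."""
    out = []
    for email, profiles in find_duplicate_profiles(users, connection).items():
        original, newer = profiles[0], profiles[1:]
        for n in newer:
            if n["logins_count"] == 1 and original["logins_count"] > n["logins_count"]:
                out.append((email, original["user_id"], n["user_id"]))
    return out
```

Matching on email assumes the Azure account's email did not change between logins, so review each flagged pair by hand before merging or deleting any profile.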

Solution

Currently, this is the expected behavior for the WAAD (Azure AD) connection (when using the v2 Identity Platform). The Auth0 Product team is aware of this behavior.

To request a feature enhancement, open a Feature Request on our Community site, which can be upvoted by Community peers and reviewed by Auth0 Product Managers.