I created a rule with one of the Auth0 templates to “link accounts with the same address merging metadata”. It works really well across all the providers. If I log in with Facebook and then log in with a Gmail account that has the same email, it merges both accounts. But if I sign up with a user/password account that uses the same email address, it doesn’t get merged with the providers that are using that same email. Is this normal behavior? If not, how do I get the user/password account merged with the providers that are using the same email address? I’m talking specifically about the use case where the user first signs up with a social provider and THEN signs up with a user/password…

For security reasons, the rule does not perform a merge if the email is not verified. If you verify the email first, then the rule will run successfully on the following login.

This is found in line 17 of the rule template.

An anecdote: We ran into this while hooking up a partner to our Auth0 tenant via SAML. The partner already had users in our Auth0-hosted database, so we wanted to link the matching accounts. But because the SAML assertion did not include an email_verified: true attribute, the linking was failing. We solved it by mapping the nameAssertion attribute from the SAML assertion to email_verified. Since nameAssertion always had a value, email_verified = ${nameAssertion} evaluated to true.
Note 1: you can also ask the partner IdP to add an email_verified field to the SAML security token.

Note 2: email_verified is a standard OIDC attribute; it has nothing to do with SAML specifically and hence is not part of a typical SAML assertion.

Note 3: You can do what we did and map (in the connection config) any truthy value to email_verified.
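The two behaviours discussed above (the rule refusing to merge an unverified email, and a SAML attribute mapping turning any non-empty value into a truthy email_verified) can be modelled in a few lines. The following is an added example, not the Auth0 rule template, Auth0 SDK code, or the anecdote author's configuration; the function names, the in-memory user list and the mapping syntax are assumptions made for this illustration.

```javascript
// Added example (not Auth0's rule template or SDK): models the "link accounts
// with the same email" decision and a SAML attribute mapping onto email_verified.
// All names and data below are assumptions constructed for this illustration.

// Constructed sample directory: identities already present in the tenant.
const EXISTING_USERS = [
  { user_id: "facebook|111", email: "jane@example.com", email_verified: true },
  { user_id: "google-oauth2|222", email: "jane@example.com", email_verified: true },
  { user_id: "auth0|333", email: "jane@example.com", email_verified: false },
];

// Stand-in for the user search the rule performs: other identities that
// share the email of the user who is logging in.
function findOtherUsersByEmail(email, currentUserId) {
  return EXISTING_USERS.filter(
    (u) => u.email === email && u.user_id !== currentUserId
  );
}

// Mirrors the gate the rule applies: nothing is linked unless the identity
// logging in has a verified email, and only verified candidates are linked.
// Returns the user_ids that would be merged (empty array = no merge).
function accountsToLink(user) {
  if (!user.email || !user.email_verified) {
    return [];
  }
  return findOtherUsersByEmail(user.email, user.user_id)
    .filter((u) => u.email_verified)
    .map((u) => u.user_id);
}

// Models a connection-level mapping such as email_verified = ${nameAssertion}:
// a ${attr} template copies that SAML attribute into the profile field,
// anything else is used as a literal value.
function applySamlMapping(assertionAttributes, mappings) {
  const profile = {};
  for (const [field, template] of Object.entries(mappings)) {
    const m = template.match(/^\$\{(\w+)\}$/);
    profile[field] = m ? assertionAttributes[m[1]] : template;
  }
  return profile;
}

// Constructed mapping for a SAML partner whose assertions carry no
// email_verified attribute at all.
const SAML_MAPPINGS = {
  email: "${email}",
  email_verified: "${nameAssertion}",
};

// Builds the profile a partner login would produce and asks what the rule
// would link. A present nameAssertion yields a non-empty string, which is
// truthy, so the rule's gate is passed even though no boolean was asserted.
function linkDecisionForSamlLogin(assertionAttributes) {
  const profile = applySamlMapping(assertionAttributes, SAML_MAPPINGS);
  return accountsToLink({ user_id: "samlp|444", ...profile });
}
```

Two things the model makes visible: an unverified database user (the question's scenario) is never merged, however many verified social identities share its email, and the mapped email_verified value is a string such as "jane@example.com" rather than a boolean, which the rule's `!user.email_verified` check accepts. That mapping therefore delegates proof of email ownership entirely to the partner IdP; it is a reasonable choice only when that IdP is trusted to have verified the address itself.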
