Email/Password account is not being linked to providers with the same email after creating rule in dashboard

Hello,
I created a rule with one of the Auth0 templates to “link accounts with the same address merging metadata”. It works really well across all the providers. If I log in with Facebook and then I log in with a Gmail account that has the same email, it merges both accounts. But if I sign up with user/password using the same email, it doesn’t get merged with the providers that are using that same email. Is this normal behavior? If not, how do I get the user/password account merged with the providers that are using the same email address? I’m talking specifically about the use case where the user first signs up with a social provider and THEN signs up with a user/password…

1 Like

Hello!

Due to security reasons, the rule does not make a merge if the email is not verified. If you verify the email first, then the rule would successfully run after the following login.

This is found in line 17 of the rule template.

Let us know if you have any other questions.

Have a great week.

1 Like
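
The verified-email gate described in the answer above, as an added sketch that is not Auth0's rule template or code from this thread. The field names `user_id`, `email` and `email_verified` follow the thread; the function name `decideLink`, its return shape and the sample profiles are assumptions constructed for illustration. A database sign-up lets the user type any address, so linking on an unverified match would merge an unproven identity into an existing account.

```javascript
// Added sketch, not Auth0's rule template. decideLink and its return shape
// are hypothetical; the profiles in `directory` are constructed sample data.
function decideLink(current, directory) {
  // Gate 1: the identity that is logging in must carry a verified email.
  // Strict comparison is this sketch's choice: anything but boolean true fails.
  if (!current.email || current.email_verified !== true) {
    return { action: 'skip', reason: 'current email not verified' };
  }
  const email = current.email.toLowerCase();

  // Gate 2: only other accounts with the same, verified address are candidates.
  const candidates = directory.filter(u =>
    u.user_id !== current.user_id &&
    typeof u.email === 'string' &&
    u.email.toLowerCase() === email &&
    u.email_verified === true);

  if (candidates.length === 0) {
    return { action: 'skip', reason: 'no verified match' };
  }
  // More than one verified match is ambiguous, so fail closed.
  if (candidates.length > 1) {
    return { action: 'error', reason: 'multiple verified matches' };
  }
  return { action: 'link', primary: candidates[0].user_id, secondary: current.user_id };
}

// Constructed directory: a social account created first, then a
// username/password sign-up with the same address, not yet verified.
const directory = [
  { user_id: 'facebook|1001', email: 'pat@example.com', email_verified: true },
  { user_id: 'auth0|2002', email: 'pat@example.com', email_verified: false },
];

// First login after sign-up: the gate skips linking.
console.log(decideLink(directory[1], directory));
// Login after the address is verified: the accounts are linked.
console.log(decideLink({ ...directory[1], email_verified: true }, directory));
```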

An anecdote: We ran into this while hooking up a partner to our Auth0 via SAML. The partner already has users in our Auth0 hosted database so we wanted to link the matching accounts. But, because the SAML assertion did not include an email_verified: true attribute, the linking was failing. We solved it by mapping the nameAssertion attribute from the SAML assertion to email_verified. Since nameAssertion always had a value, email_verified = ${nameAssertion} evaluated to true.

1 Like

Thanks a lot @markd for sharing that knowledge here!