Hi. I have an integration with Azure AD, and I want to set email_verified to true. But I get the next error:
"Error! You cannot set ‘Always set email_verified to true’ when the Common Endpoint is enabled".
What is the reason that Common Endpoint must be disabled?
Is it possible to set email_verified to true with Common Endpoint enabled?
Thank you.
Hi @alex_kondratiev,
Unfortunately, when a common endpoint is enabled, you cannot set email_verified to true.
The Azure AD connection also has a Use Common Endpoint property. When it’s enabled, the user can authenticate with any Azure AD tenant. Given it’s not possible to trust that any Azure AD tenant will return verified emails, the Email Verification property will need to be set to Always set email_verified to false.
Thank you.
One more clarification:
If I set the common endpoint to disabled, only users with accounts in the domain that I set in Azure integration (Microsoft Azure AD Domain* field) will be available to authorize?
And if I want to authorize users with accounts from another domain, should I create a new integration with Azure (connected to another domain)?
You can add new connections for each domain, or you can configure the same connection to support multiple domains.
If you’d like to support different domains in the same connection, you can add additional Identity Provider domains by updating the Identity Provider domains setting on the Login Experience tab:
These users will authenticate in your primary Microsoft Azure AD Domain.
Now we have tenant setting email_verification disabled, so for all users email_verified = true, and we use common endpoint.
Can we somehow leave these settings when the tenant setting is deprecated (due to Reminder: Update your AzureAD/ADFS connection setting before April 30th, 2021)?
We don’t want to manually add domains in integration because we don’t know exactly which and how many domains users might use.