Problem statement
When using Azure AD with an SSO authentication mechanism, Azure AD populates a custom claim in the ID Token returned after authentication. Is it possible to extract this custom claim from the ID Token and set it as user_metadata in Auth0?
When trying to use Actions, neither the Event object nor the API object parameter contains the ID Token returned from Azure AD.
Cause
Azure AD has been configured to store a custom claim in the Azure ID Token, with the expectation that Actions can be used to extract the custom claim and add it to user_metadata on the Auth0 side of the transaction.
Using an Azure AD Enterprise connection will not solve this problem. Instead, it is necessary to set up either an Enterprise OIDC Connection or a SAML Connection.
Solution
Configure either an Enterprise OIDC or SAML Connection. Once an Enterprise OIDC or SAML Connection has been provisioned, the custom claim can be added to the user profile at the root level.
From there, it will be possible to access it in an Action from the 'event.user' property and then call 'api.user.setUserMetadata' to enrich the user_metadata profile. See this example in the documentation.
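The following Post-Login Action is an added example, not code from the Auth0 documentation. It assumes the OIDC or SAML Connection maps the custom claim to a root-level attribute named 'custom_claim' on 'event.user' (a placeholder name) and copies it into user_metadata, skipping the write when the claim is absent, is not a scalar, or is already stored.

```javascript
// Added example, not Auth0's own code. Assumption: the OIDC/SAML Connection
// maps the custom claim to event.user.custom_claim (placeholder name).
const CLAIM_NAME = 'custom_claim';    // placeholder: root-level attribute on event.user
const METADATA_KEY = 'custom_claim';  // placeholder: target key in user_metadata
const ALLOWED_STRATEGIES = ['oidc', 'samlp']; // Enterprise OIDC and SAML connections

// Pure helper so the logic can be exercised outside the Actions runtime.
// Returns the value written, or undefined when nothing was written.
function copyClaimToMetadata(event, api, claimName = CLAIM_NAME, metadataKey = METADATA_KEY) {
  // Only act for the federated connection that carries the claim.
  const strategy = event.connection && event.connection.strategy;
  if (!ALLOWED_STRATEGIES.includes(strategy)) return undefined;

  const value = event.user ? event.user[claimName] : undefined;
  if (value === undefined || value === null) return undefined;
  // Copy scalars only; refuse objects/arrays so arbitrary upstream
  // structures are not written into the profile.
  if (!['string', 'number', 'boolean'].includes(typeof value)) return undefined;

  const existing = event.user.user_metadata && event.user.user_metadata[metadataKey];
  // Skip the write when the stored value is already current.
  if (existing === value) return undefined;

  api.user.setUserMetadata(metadataKey, value);
  return value;
}

// Action entry point; in the Actions editor this is exported as
// exports.onExecutePostLogin = async (event, api) => { ... }
async function onExecutePostLogin(event, api) {
  copyClaimToMetadata(event, api);
}

// Minimal stand-in for the Actions `api` object, for local runs only.
function makeFakeApi() {
  const writes = {};
  return { writes, user: { setUserMetadata: (k, v) => { writes[k] = v; } } };
}
```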