Failed Exchange error due to incorrect user_id

We created an enterprise Microsoft Azure AD connection and enabled it in an organization. Then we created a post-login action with steps such that, when a user successfully authenticates via an Azure AD account, we link that profile (user_id starts with “waad”) to the existing Auth0 profile with the same email (user_id starts with “auth0”). While linking, we pass the auth0 id as the primary id. But after the linking happens and the remaining post-login actions complete, it fails at the exchange (Failed Exchange) with “description”: “User waad|aaa is not part of the org_bbb organization”. Here the waad id is being used to check whether the user is part of the organization. But that id won’t be there. The corresponding auth0 id will be the one that is part of the organization. So at that particular stage, the auth0 id needs to be used instead of the waad id.

As per the suggestion from Auth0 support, we tried the “api.authentication.setPrimaryUser()” method to override event.user.user_id. But then we got the error below:
“description”: “organizations is not supported together with primary user modifications in rules.”

Kindly provide your suggestions.

Hi @Navprabhat

Welcome back to the Auth0 Community!

Unfortunately, as mentioned in this community post with a similar issue to yours, Auth0 does not support account linking with organizations at this time; there is a backlog item for it, but there is no ETA on when the feature will be implemented.

As a workaround for your implementation, you can attempt to link the accounts before any of them is part of an organization, or you can add the new user to the organization first and then attempt account linking.

Regarding setPrimaryUser(), you can review this Knowledge Article on the matter, which advises you to set the Organization Login Flow for the application to No Prompt, since this is expected behaviour.

If you have any other questions on the matter, feel free to leave a reply.

Kind Regards,
Nik
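The second workaround from the reply (add the new user to the organization first, then link) written out as an added example; this is not code from the thread, from Auth0, or from the original poster's action. It assumes an Auth0 Actions-style `event` (`event.user`, `event.connection`, `event.organization`) and puts the Management API behind a small adapter with assumed method names (`findUsersByEmail`, `addOrgMember`, `linkAccounts`), because node-auth0 method signatures differ between releases; an in-memory fake of that adapter is constructed here so the flow runs offline. It deliberately never calls `api.authentication.setPrimaryUser()`, which the thread reports is rejected when an organization is involved.

```javascript
// Added example (not Auth0's code or the original poster's action).
// Strategy name Auth0 uses for Azure AD connections, matching the "waad|" user_id prefix.
const WAAD_STRATEGY = 'waad';

// Pure planner: given the login event and the users sharing the email, return the
// ordered operations to perform. Keeping it pure makes the ordering unit-testable.
function planOrgLinking(event, usersWithSameEmail) {
  const { user, connection, organization } = event;
  if (!organization || !connection || connection.strategy !== WAAD_STRATEGY) {
    return { steps: [], reason: 'not an organization login on the waad connection' };
  }
  if (!user.email_verified) {
    // Never link on an unverified email: a lookalike identity claiming the address
    // could otherwise be attached to someone else's auth0| account.
    return { steps: [], reason: 'email not verified on the waad identity' };
  }
  const primary = usersWithSameEmail.find(
    (u) => u.user_id.startsWith('auth0|') && u.email_verified && u.user_id !== user.user_id,
  );
  if (!primary) return { steps: [], reason: 'no verified auth0| profile with this email' };

  const sep = user.user_id.indexOf('|');
  return {
    reason: null,
    steps: [
      // 1. Membership first: the token exchange checks the waad| user_id against the org,
      //    which is exactly the check that failed in the thread.
      { op: 'addOrgMember', orgId: organization.id, userId: user.user_id },
      // 2. Only then link the waad identity into the existing auth0| profile (primary).
      {
        op: 'linkAccounts',
        primaryUserId: primary.user_id,
        provider: user.user_id.slice(0, sep),        // "waad"
        providerUserId: user.user_id.slice(sep + 1), // identity id after the "|"
        connectionId: connection.id,
      },
    ],
  };
}

// Executor: applies the plan against the adapter strictly in order.
async function executePlan(steps, mgmt) {
  for (const step of steps) {
    if (step.op === 'addOrgMember') {
      await mgmt.addOrgMember(step.orgId, step.userId);
    } else if (step.op === 'linkAccounts') {
      await mgmt.linkAccounts(step.primaryUserId, {
        provider: step.provider,
        user_id: step.providerUserId,
        connection_id: step.connectionId,
      });
    } else {
      throw new Error(`unknown step ${step.op}`);
    }
  }
  return steps.length;
}

// Constructed in-memory adapter (assumed interface) that records call order.
class FakeManagement {
  constructor(users) { this.users = users; this.calls = []; }
  async findUsersByEmail(email) { return this.users.filter((u) => u.email === email); }
  async addOrgMember(orgId, userId) { this.calls.push(['addOrgMember', orgId, userId]); }
  async linkAccounts(primaryUserId, identity) {
    this.calls.push(['linkAccounts', primaryUserId, identity.provider]);
  }
}

// Shape of the Action entry point; in a deployed Action this is exports.onExecutePostLogin
// and `mgmt` would wrap a real ManagementClient built from event.secrets (assumption).
async function onExecutePostLogin(event, api, mgmt) {
  const candidates = await mgmt.findUsersByEmail(event.user.email);
  const plan = planOrgLinking(event, candidates);
  if (plan.steps.length > 0) await executePlan(plan.steps, mgmt);
  // No api.authentication.setPrimaryUser() here: rejected in organization logins.
  return plan;
}

// Constructed sample event and user directory; waad|aaa and org_bbb are the thread's ids.
const sampleEvent = {
  user: { user_id: 'waad|aaa', email: 'person@example.com', email_verified: true },
  connection: { id: 'con_PLACEHOLDER', strategy: 'waad' },
  organization: { id: 'org_bbb' },
};
const sampleUsers = [
  { user_id: 'auth0|ccc', email: 'person@example.com', email_verified: true },
  { user_id: 'waad|aaa', email: 'person@example.com', email_verified: true },
];

// Runs the flow offline and returns the recorded call order.
async function demo() {
  const mgmt = new FakeManagement(sampleUsers);
  await onExecutePostLogin(sampleEvent, null, mgmt);
  return mgmt.calls;
}
```

Running `demo()` records `addOrgMember` for `org_bbb` before `linkAccounts` against `auth0|ccc`, which is the ordering the reply recommends. If the organization membership check in your tenant is ever changed to use the primary profile instead, the planner's first step becomes redundant but remains harmless.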