Getting Azure Tenant Id from Enterprise Connection

jonathan.wilson · March 16, 2023, 1:59am

Hello,

I have Azure AD authentication configured through a Microsoft Azure AD Enterprise Connection.

This is working well and I would like to add the users’ Azure AD tenantid property as a custom claim.

The Raw JSON for a user that was registered through this connection lists a tenantid property which contains the Azure AD tenant id. Querying the user through the Management API also provides this value. Within a Custom Action, event.user.tenantid says that the property does not exist, and @ts-ignore results in no value being returned.

Is this possibly related to the last item on Actions Limitations? “Top-level event.user attributes added by an external IdP or custom database script”. There is no indication on the user record that this is a non-standard attribute, but it not being listed in any documentation would seem to indicate this.

It looks like this same question was asked in Nov '21 (How to access the `tenantid` property on a `User` in an Auth0 action) and the response at the time was to continue using Rules (as the poster had this working in a Rule).

Being new to Auth0, I would rather not start off by using Rules if there are plans to deprecate them, but if that is far enough into the future then perhaps it is the way to go.

Can someone please provide guidance here?

Thanks!

oystein-beaufort · May 23, 2023, 8:51am

I created the original topic referred to here (How to access the `tenantid` property on a `User` in an Auth0 action - #10 by oystein-beaufort).

I just received an email announcing end of life for rules and hooks november 18 2024. I tried to use actions again, but it’s still not possible to access the Azure AD tenant ID. Any updates on this would be appreciated as we won’t be able to migrate to actions before this issue is resolved.

Thanks

Kiwi · June 6, 2023, 2:15pm

Any updates on this? We would prefer to access the Azure Ad tenant ID within actions, instead of rules as well. Since we’re creating a new app.
Seems annoying to first implement it within rules and then migrate it next year… Solving this issue shouldn’t take so long to fix.

j.krabs · February 27, 2024, 7:34am

+1 for this feature. Is there any update from the team?

If not solved yet, maybe it would be a solution to use the management-api inside of the action to get the extended user-object including the tenant ID. Could be a temporal workaround. (not tested yet)

j.krabs · September 30, 2024, 3:03pm

In case somebody is coming back questioning if this is still an open issue:
I just tested it and the tenant ID is now easily accessible by calling event.user.tenantid