Some of our users authenticate with Azure AD, and we currently have a rule that sets a custom azure_ad_tenant_id claim on the id and access tokens so that we know which Azure AD tenant the user belongs to by doing:
As migrating from rules to actions is recommended, I tried to create a similar action, but I’m unable to access the tenantid property on the User. When trying to access event.user.tenantid, I get the following error message:
Property 'tenantid' does not exist on type 'User & { multifactor?: string[] | undefined; } & { identities: UserIdentity[]; }'.(2339)
When inspecting the raw JSON on a user I see that it has the tenantid property set.
So the question becomes: how can I access the tenantid property on a User in an Auth0 action?
I understand that you have encountered issues when setting the Microsoft Azure AD tenantid claim with Actions.
First, could you please clarify if doing something like console.log(event.user) at the top of your Action script can produce the user object with the tenantid property in the response?
And could you also please confirm if your Rule contains a value when you use the user.tenantid and works as expected?
Note that the User object in Actions and Rules should allow you to retrieve any of the User Profile Attributes, which normally does not include the tenantid property.
The Rule works well. It gets the tenantid from the user and sets it as a custom claim on the JWT.
I’ve tested adding tenantid to the user object in the Action test data, and when logging the user, the tenantid is also logged. But I get a TypeScript error saying the property does not exist (see image below). Could there be an issue/bug with the property erroneously missing from the user Interface/type? I’d like to avoid using // @ts-ignore in my code if possible, so it would be great if you could fix that in that case!
I have reviewed your screenshot and found you are calling the event.user.tenantid property which does not exist. Instead, you’ll want to call the event.tenant.id to get the Tenant ID.
Thanks for your reply, @rueben.tiow, but I don’t think that solves my problem.
I just tested this, but I don’t think event.tenant.id in Actions is the same as event.user.tenantid in Rules. It seems like event.tenant.id is the Auth0 tenant ID, but what I want to access is the Azure AD tenant ID the user uses to log in with, which in Rules can be accessed via event.user.tenantid.
How can I access the Azure AD tenant id in Actions?
I’d like to preface that some of the functionality found in Rules may not be entirely available in Actions yet, but will be before the end of life of Rules.
In this scenario, it may be worth trying the event.user.tenantid property in Actions and seeing if it produces any values.
If not, please let me know, and I’ll pass this information along to our Engineers to see if they could fulfill this request sooner.
Looking forward to hearing back on whether this works.
I tried to use the event.user.tenantid property (with // @ts-ignore) in my action, but it didn’t work, so I still need to use rules for this case/property.
I’d very much appreciate it if you could notify me when this property is available in actions!