Hey @markd,
Thanks for the response! I’d actually started looking at the second option you mentioned above through the use of a rule to merge the 365 account metadata with the existing Auth0 account. This seems to have worked as I expected, which is good!
Thanks for your help.
EDIT: Actually I might have spoken too soon… it seems the rule provided by Auth0 to merge metadata overwrites roles with each login to a different system. We currently have two applications set up in Auth0 with 2 different roles using the Authorization extension.
If I log in to the first application, the metadata reflects that application’s roles. If I log in to the second, it reflects the second application’s roles. I might be misunderstanding how the Authorization extension works here though - I was under the impression it just provided whichever roles were relevant to the application being logged in to.