Microsoft Azure AD user created with no email

I created the Azure AD enterprise connection according to Auth0's docs.
As I'm testing this connection, I see that the users created have no email at all; the closest there is the 'upn' attribute in the JSON part of the users, which holds the email.

That's my Azure AD connection config in Auth0:

I don't want to resort to updating the email via the Auth0 API. Something could be blocking Auth0 from getting the email, or Auth0 is configured not to take the email; I'm not sure which…

Thank you!

1 Like

Hey @giladweiss, Welcome to the Auth0 Community!

In Azure AD you have two separate claims, the upn and the email.

Have you added email in the "Token Configuration" section in the Azure AD Portal?
It can be added as an optional claim (to the ID token) in the "Token Configuration" section.

Regards,
Sid

1 Like

Hey Sid

Yes, I have set the email.

And now it is working, the problem was with my testing user’s configuration.

My problem now is to set the email if it is missing, so I tried with this code in a rule:

function (user, context, callback) {
  // Fall back to the Azure AD UPN when the connection delivered no email claim.
  if (!user.email && user.upn) {
    user.email = user.upn;
  }

  // Hand the (possibly modified) user back to the pipeline.
  callback(null, user, context);
}

But the email is still not set when I look at the user's page.
The only difference this makes is that it adds the email to the "Last time you sign with:" field.


Without my code above it shows AZURETEST (the name) instead.

How do I effectively set the email?

Hey, I also tried with the API but got this error:

{
    "statusCode": 400,
    "error": "Bad Request",
    "message": "Cannot update email for this user",
    "errorCode": "operation_not_supported"
}

All I am trying to do is set the upn as the email property.

Hey @giladweiss,

We don't allow updating the email for a user coming from an external IdP, since we are not the IdP.

Did you try to log in the user again?

Ideally, if the "Sync user profile attributes at each login" setting of the connection is enabled, it should resync the attributes.

Regards,
Sid
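Since Auth0 refuses to overwrite `email` on a user owned by an external IdP (the 400 "Cannot update email for this user" above), the workable path is to carry the UPN fallback in the token rather than in the stored profile. The block below is an added example, not code from this thread or from Auth0's own article: an Auth0 post-login Action that does what the Rule above attempted, with two safeguards a practitioner would want. It only trusts UPNs from the Azure AD (`waad`) connection, and it marks a UPN-derived address as unverified, because a UPN is a login name and not a mailbox the IdP has confirmed. It assumes the UPN is exposed on `event.user.upn` (as `user.upn` was in the Rule), and the claim names `https://example.com/email` and `https://example.com/email_verified` are illustrative; the `makeFakeApi` stand-in and the sample events are constructed for local runs.

```javascript
// Added example (not from the thread or from Auth0's article): an Auth0
// post-login Action that falls back to the Azure AD UPN when the IdP sent no
// email claim and exposes the result as a namespaced custom claim. Auth0 will
// not let you overwrite `email` on a user owned by an external IdP, so the
// fallback lives in the token, not in the stored profile.
//
// Assumptions (all illustrative): the Azure AD connection uses the `waad`
// strategy, the UPN is available on `event.user.upn`, and the relying party
// reads the two namespaced claims below.
const EMAIL_CLAIM = 'https://example.com/email';
const EMAIL_VERIFIED_CLAIM = 'https://example.com/email_verified';
const ALLOWED_STRATEGIES = new Set(['waad']); // only trust UPNs from Azure AD

// Conservative "looks like an address" check: one '@', no whitespace, a dot
// in the domain part. Rejects legacy DOMAIN\user style names.
const EMAIL_SHAPE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

// Pure decision function: which address to present, and whether it came from
// the IdP's email claim (verified) or from the UPN fallback (unverified).
function resolveEmail(user, strategy) {
  if (user.email) {
    return { email: user.email, verified: Boolean(user.email_verified), source: 'email' };
  }
  if (ALLOWED_STRATEGIES.has(strategy) && typeof user.upn === 'string' && EMAIL_SHAPE.test(user.upn)) {
    return { email: user.upn, verified: false, source: 'upn' };
  }
  return null;
}

// Synchronous core so the logic can be exercised without the Auth0 runtime.
// Returns what was written, or null when no usable address exists.
function applyEmailFallback(event, api) {
  const resolved = resolveEmail(event.user || {}, (event.connection || {}).strategy);
  if (!resolved) return null;
  for (const token of [api.idToken, api.accessToken]) {
    token.setCustomClaim(EMAIL_CLAIM, resolved.email);
    token.setCustomClaim(EMAIL_VERIFIED_CLAIM, resolved.verified);
  }
  return resolved;
}

// Auth0 Action entry point (Login / Post Login trigger).
async function onExecutePostLogin(event, api) {
  applyEmailFallback(event, api);
}
if (typeof exports !== 'undefined') exports.onExecutePostLogin = onExecutePostLogin;

// Minimal stand-in for the Actions `api` object, for local runs only.
function makeFakeApi() {
  const claims = { idToken: {}, accessToken: {} };
  return {
    claims,
    idToken: { setCustomClaim: (k, v) => { claims.idToken[k] = v; } },
    accessToken: { setCustomClaim: (k, v) => { claims.accessToken[k] = v; } },
  };
}

// Constructed sample events (not real users or tenants).
const SAMPLE_NO_EMAIL = {
  user: { user_id: 'waad|abc', name: 'AZURETEST', upn: 'azuretest@contoso.example' },
  connection: { strategy: 'waad' },
};
const SAMPLE_WITH_EMAIL = {
  user: { email: 'alice@contoso.example', email_verified: true, upn: 'alice@contoso.example' },
  connection: { strategy: 'waad' },
};
const SAMPLE_OTHER_IDP = {
  user: { upn: 'someone@else.example' },
  connection: { strategy: 'google-oauth2' },
};

if (typeof require !== 'undefined' && typeof module !== 'undefined' && require.main === module) {
  const api = makeFakeApi();
  console.log(applyEmailFallback(SAMPLE_NO_EMAIL, api), api.claims);
}
```

Consumers should treat `https://example.com/email_verified: false` as exactly that: the address is usable for display and correlation, not as proof that the person controls the mailbox. Whether a `.NET` validator accepts the extra claims depends on its own configuration, which the thread does not show.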

I am seeing exactly the same thing. Did you ever find the solution to this?

I added these optional claims on the Azure app:

But on first signup, the email field is not populated; only the upn extended attribute contains the email.

1 Like

Just adding some extra info here.

I am only seeing this problem occur on Azure Active Directory accounts that are using custom domains. Default Microsoft *.onmicrosoft.com accounts seem to set the email address correctly without even adding optional claims to the ID token (or enabling "Extended Profile" in the Azure AD connection in Auth0).

I found the problem: a misconfiguration in my test Azure AD instance.

The test user did not have a license assigned to them and no mailbox. I get this when trying to access the mailbox on outlook.com:

If this happens, the email address does not propagate through.

2 Likes

Thanks for sharing it with the rest of the community!

Hi @tyrone.erasmus,

I am facing the same problem.

Would you mind sharing some details about how to get the upn into the Auth0 profile, or how to set the user email with the info in the upn?

Thanks a lot!

3 Likes

Same issue here, glad if you can help.

2 Likes

It looks like we need to use the auth-pipeline rules to add an email to the access token, even though if you do this the backend (we use .NET) will fail the token validation.

Anyone had the same issue?

1 Like

I had the same problem: when logging in with Azure AD, Auth0 was not able to retrieve / store the email (but the UPN was).

I finally realized that the user I used to perform login tests had no email property on the Azure side. So I added one (the same as the UPN in my case) via the Microsoft Entra ID dashboard (Users > {the user you want to edit} > Properties > Edit "Contact information" > Save with an email).

I had the same issue. I tried using the tenant ID instead of the custom domain, as I have another configuration with a different tenant that works with the tenant ID without needing to specify any optional claims on the AD side or requesting the extended profile. However, none of it worked for this tenant, so I changed the Identity API from V2 to V1, and that solved the issue for me.

Hi Team!

We've updated our Knowledge Solutions with a chapter about adding claims with an Action, in a similar fashion to how Rules worked. You can find it here → Azure AD Integration not Providing the User Email

Thanks
Dawid
