Microsoft Azure AD user created with no email

I created the Azure AD enterprise connection according to Auth0's docs.
As I'm testing this connection, I see that the users created have no email at all; the closest there is the 'upn' attribute in the JSON part of the users, which holds the email.

That's my Azure AD connection config in Auth0:

I don't want to resort to updating the email via the Auth0 API. Something could be blocking Auth0 from getting the email, or Auth0 is configured not to take the email; not sure which…

Thank you!

Hey @giladweiss, Welcome to the Auth0 Community!

In Azure AD you have two separate claims, the upn and the email.

Have you added email in the "Token Configuration" section in the Azure AD Portal?
It can be added as an optional claim (to the ID token) in the "Token Configuration" section.

Regards,
Sid

Hey Sid

Yes, I have set the email.

And now it is working; the problem was with my testing user's configuration.

My problem now is to set the email if it is missing, so I tried with this code in a rule:

function (user, context, callback) {
  // Copy the Azure AD upn into email when the profile arrived without one
  if (!user.email && user.upn) {
    user.email = user.upn;
  }

  // Hand the (transaction-scoped) user and context back to Auth0
  callback(null, user, context);
}

But the email is still not set when I look at the user's page.
The only difference this makes is that it adds the email to the "Last time you sign with:" field.


Without my code above it shows AZURETEST (the name) instead.

How do I effectively set the email?
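As an added example (not the poster's rule and not Auth0's own code), here is a variant of the rule above that reuses the upn only when it is shaped like an address, leaves email_verified false because a UPN is not proof of a mailbox, and records where the value came from in a namespaced ID-token claim. The sample user objects, the claim name and the helper names are assumptions made for the example; the (user, context, callback) signature is the one Auth0 rules use.

```javascript
// Added example, not the original poster's rule. Assumptions: the Auth0 rule
// signature (user, context, callback), a `user.upn` attribute populated by the
// Azure AD connection, and the constructed sample users below.

// Conservative check that a UPN is shaped like an email address before it is
// reused as one. A UPN is not guaranteed to be a mailbox, so the value is kept
// unverified rather than trusted as a verified address.
const EMAIL_SHAPE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

// Decides which value (if any) to use as the email and reports its source.
function resolveEmail(user) {
  if (user.email) {
    return { email: user.email, source: 'email' };
  }
  if (typeof user.upn === 'string' && EMAIL_SHAPE.test(user.upn)) {
    return { email: user.upn, source: 'upn' };
  }
  return { email: null, source: 'none' };
}

// Rule body in the form Auth0 rules use. Changes to `user` here apply to the
// current login transaction (and the tokens it issues); they are not written
// back to the stored profile, which is why the user page keeps showing no email.
function upnToEmailRule(user, context, callback) {
  const resolved = resolveEmail(user);
  if (resolved.source === 'upn') {
    user.email = resolved.email;
    user.email_verified = false; // never promote a UPN to a verified address
    context.idToken = context.idToken || {};
    // Hypothetical namespaced claim so downstream apps can tell where the email came from
    context.idToken['https://example.com/email_source'] = 'upn';
  }
  return callback(null, user, context);
}

// Constructed sample inputs (not real accounts).
const SAMPLE_USERS = {
  noEmailWithUpn: { user_id: 'waad|sample1', upn: 'alice@contoso.example' },
  noEmailBadUpn: { user_id: 'waad|sample2', upn: 'alice' },
  hasEmail: { user_id: 'waad|sample3', email: 'bob@contoso.example', upn: 'bob@contoso.example' },
};

// Runs the rule against one sample and returns the resulting user and context.
function runRule(sample) {
  const user = Object.assign({}, SAMPLE_USERS[sample]);
  const context = { idToken: {} };
  let result;
  upnToEmailRule(user, context, (err, u, c) => {
    result = { err, user: u, context: c };
  });
  return result;
}

console.log(runRule('noEmailWithUpn'));
console.log(runRule('noEmailBadUpn'));
```

The shape check matters because Azure AD does not require a UPN to be a routable address; copying an arbitrary UPN into email and then treating it as verified would let a non-mailbox identifier pass checks that assume a real address.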

Hey, I also tried with the API but got this error:

{
    "statusCode": 400,
    "error": "Bad Request",
    "message": "Cannot update email for this user",
    "errorCode": "operation_not_supported"
}

All I'm trying to do is set the upn as the email property.

Hey @giladweiss,

We don't allow updating the email for the user coming from an External IDP, since we are not the IDP.

Did you try to log in the user again?

Ideally, if the "Sync user profile attributes at each login" setting of the connection is enabled, it should resync the attributes.

Regards,
Sid

I am seeing exactly the same thing - did you ever find the solution to this?

I added these optional claims on the Azure app:

But on first signup, the email field is not populated - only the upn extended attribute contains the email.

Just adding some extra info here.

I am only seeing this problem occur on Azure Active Directory accounts that are using custom domains. Default Microsoft *.onmicrosoft.com accounts seem to set the email address correctly without even adding optional claims to the ID token (or enabling "Extended Profile" in the Azure AD connection in Auth0).

I found the problem, a misconfiguration in my test Azure AD instance.

The test user did not have a license assigned to them and had no mailbox. I get this when trying to access the mailbox on outlook.com:

If this happens, the email address does not propagate through.


Thanks for sharing it with the rest of community!