I’m currently facing an issue with users signing up on my application using different methods (such as Google and email/password) and inadvertently creating multiple accounts with the same email address. I would like to prevent this and ensure that only one account is created per email address.
Is there a way to block the signup process when a user tries to sign up with an email that already exists in the system, regardless of the signup method (email/password or social login)? For example, if a user signs up with Google and then later tries to sign up with email/password using the same email address, the signup should be blocked with a message like “The user with this email already exists, try maybe with Google or by mail.”
Otherwise, I’m curious if there is a safe and automated process to link accounts with the same email address without requiring user approval. I understand that manual account linking is possible, but I’m looking for a more automated solution to ensure a seamless user experience.
Any suggestions or best practices for handling this scenario would be greatly appreciated. Thanks in advance for your help!
I understand that you’re running into a problem where users are creating multiple profiles with the same email address when logging in with multiple identity providers.
It is possible to block the signup process when a user tries to sign up with an email address that’s already associated with a profile in your tenant, but that would not be the solution I’d suggest. One reason is that it would lead to a confusing experience for the user, and you wouldn’t be able to provide them with feedback on why they’re not able to sign up without revealing that there’s already a profile with that email address, which is a security concern.
In my opinion, account linking is the way to go here, in part because it provides your users the convenience of authenticating via multiple identity providers. I have an account linking rule that meets the qualifications you’re describing, and if you send me a DM I’d be happy to reply with the code for that rule.
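
An added example, not part of the reply above and not the rule its author offers: one way to decide when automatic linking by email is safe, written as plain JavaScript. The function names, profile shape and action strings are assumptions for illustration and do not correspond to any platform's API; the sample profiles are constructed.

```javascript
// Hypothetical helper (assumption): decides whether a new login identity may be
// linked automatically to an existing profile with the same email address.

function normalizeEmail(email) {
  return typeof email === 'string' ? email.trim().toLowerCase() : '';
}

// incoming: { provider, email, emailVerified }
// profiles: [{ id, email, emailVerified, providers: [...] }]
function decideLink(incoming, profiles) {
  const email = normalizeEmail(incoming.email);
  if (!email) return { action: 'create', reason: 'no-email' };

  const matches = profiles.filter((p) => normalizeEmail(p.email) === email);
  if (matches.length === 0) return { action: 'create', reason: 'no-match' };

  // An unverified address proves nothing about who owns the mailbox, so it
  // can never be the basis for merging two identities without user approval.
  if (!incoming.emailVerified) {
    return { action: 'no-link', reason: 'incoming-unverified' };
  }
  const verified = matches.filter((p) => p.emailVerified);
  if (verified.length === 0) {
    return { action: 'no-link', reason: 'existing-unverified' };
  }
  // Several verified profiles already share the address: do not guess.
  if (verified.length > 1) {
    return { action: 'no-link', reason: 'ambiguous' };
  }
  const target = verified[0];
  if (target.providers.includes(incoming.provider)) {
    return { action: 'login', profileId: target.id, reason: 'same-provider' };
  }
  return { action: 'link', profileId: target.id, reason: 'verified-match' };
}

// Constructed sample data.
const sampleProfiles = [
  { id: 'u1', email: 'Alice@Example.com', emailVerified: true, providers: ['google'] },
  { id: 'u2', email: 'bob@example.com', emailVerified: false, providers: ['password'] },
];
```

What the application does on `no-link` (for example, sending a verification mail first) is left to the platform in use.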