Prevent Sign Up for an Email that already exists

Hello Auth0 Community,

I’m currently facing an issue with users signing up on my application using different methods (such as Google and email/password) and inadvertently creating multiple accounts with the same email address. I would like to prevent this and ensure that only one account is created per email address.

Is there a way to block the signup process when a user tries to sign up with an email that already exists in the system, regardless of the signup method (email/password or social login)? For example, if a user signs up with Google and then later tries to sign up with email/password using the same email address, the signup should be blocked with a message like “The user with this email already exists, try maybe with Google or by mail.”

Otherwise, I’m curious if there is a safe and automated process to link accounts with the same email address without requiring user approval. I understand that manual account linking is possible, but I’m looking for a more automated solution to ensure a seamless user experience.

Any suggestions or best practices for handling this scenario would be greatly appreciated. Thanks in advance for your help!

1 Like

Hi @novo,

Welcome to the Auth0 Community!

I understand that you’re running into a problem where users are creating multiple profiles with the same email address when logging in with multiple identity providers.

It is possible to block the signup process when a user tries to sign up with an email address that’s already associated with a profile in your tenant, but that would not be the solution I’d suggest. One reason is because it would lead to a confusing experience for the user and you wouldn’t be able to provide them with feedback on why they’re not able to sign up without revealing that there’s already a profile with that email address, which is a security concern.

In my opinion account linking is the way to go here, in part because it provides your users the convenience of authenticating via multiple identity providers. I have an account linking rule that meets the qualifications you’re describing and if you send me a DM I’d be happy to reply with the code for that rule.

I hope this helps!

Thanks,
Matt

1 Like
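
The decision an automated account linking rule has to make, shown as an added example (this is not the rule Matt refers to, nor Auth0's own code): it links only when the new identity and exactly one existing profile carry the same verified email. The fields `user_id`, `email` and `email_verified` come from the Auth0 user profile; the function name `findLinkTarget` and the sample users are constructed for illustration.

```javascript
// Added example: decide whether a new login may be auto-linked to an existing profile.
// findLinkTarget is a hypothetical helper; it makes no Auth0 API calls.
function findLinkTarget(newUser, existingUsers) {
  // An unverified address proves nothing about who controls the mailbox,
  // so it must never be the basis for merging two profiles.
  if (typeof newUser.email !== 'string' || newUser.email_verified !== true) {
    return { action: 'no_link', reason: 'new identity email not verified' };
  }
  const email = newUser.email.trim().toLowerCase();
  const candidates = existingUsers.filter(u =>
    u.user_id !== newUser.user_id &&
    typeof u.email === 'string' &&
    u.email.trim().toLowerCase() === email &&
    u.email_verified === true);
  if (candidates.length === 0) {
    return { action: 'no_link', reason: 'no verified profile with this email' };
  }
  if (candidates.length > 1) {
    // More than one match: leave it for manual review instead of guessing.
    return { action: 'no_link', reason: 'ambiguous: multiple verified profiles' };
  }
  return { action: 'link', primary: candidates[0].user_id, secondary: newUser.user_id };
}

// Constructed sample profiles (not real users).
const existing = [
  { user_id: 'google-oauth2|1001', email: 'Ana@example.com', email_verified: true },
  { user_id: 'auth0|2002', email: 'bob@example.com', email_verified: false },
];
const verifiedSignup = { user_id: 'auth0|3003', email: 'ana@example.com', email_verified: true };
const unverifiedSignup = { user_id: 'auth0|4004', email: 'ana@example.com', email_verified: false };
const signupToUnverified = { user_id: 'google-oauth2|5005', email: 'bob@example.com', email_verified: true };

for (const u of [verifiedSignup, unverifiedSignup, signupToUnverified]) {
  console.log(u.user_id, JSON.stringify(findLinkTarget(u, existing)));
}
```
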

Hi Matt,

If you are using account linking, doesn’t this also surface to a user that there’s already a profile with that email address?

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.