Salesforce User Details to Custom Auth0 API

We use Salesforce, and our staff users log into Salesforce using Entra ID as the IdP. Salesforce isn’t connected to Auth0 at all today.

Separate to this, we have build an external custom API in AWS, which is authenticated using Auth0 as the IdP (and exists as a custom Auth0 API in the Auth0 portal).

We’d like Salesforce to consume this API, but we’d like to store the logged in Salesforce staff User details in our database that backs the API (to act as an audit trail).

We have created a Salesforce application in Auth0 as a M2M application, with appropriate permissions to access the API.

The question:
Is it possible to get the ‘Salesforce staff User’ details (first name / last name claims etc) passed through here to our Auth0 backed API (rather than the ‘M2M user’) without having to send the Salesforce User in the body payload of the API? Is it possible to add this to the M2M Auth Token itself somehow to then extract on the other side? What is best practice here? An Action? Custom token exchange?

Hi @huntsman,

Welcome to the Auth0 Community!

Based on your request, what I would recommend as the most straightforward and secure solution, would be to create an OIDC connection inside Auth0 for your custom API for Entra ID and then send the token from Salesforce when making requests. This way, requests will be authorized, and you’ll be able to obtain all the information that you need to log from the token itself.

If you have any other questions for us let us know.

Have a good one,
Vlad