Unable to Create Verification Email Ticket for Federated User?

I was experimenting with a SAML federated user in the mgmt API today and discovered that I’m unable to create a verification email ticket for that connection type. I AM able to create a ticket for a database connection type using the same settings (verified that the mgmt API account has permission to create tickets).

Request (redacted):

Authorization: Bearer xxxx
Content-Type: application/json
POST https://{domain}/api/v2/tickets/email-verification

	"result_url": "http://localhost:4200/callback",
	"user_id": "samlp|{connection}|{email}"


    "statusCode": 400,
    "error": "Bad Request",
    "message": "The user's main connection does not support this operation",
    "errorCode": "operation_not_supported"

I wasn’t able to hunt down much by way of documentation - the management API only indicates that it may return the response: ’ 400 The user’s main connection does not support this operation’. No mention of which connection types are supported.

I understand why changing the password might be an invalid operation for a federated account, though I don’t quite understand why we wouldn’t be permitted to independently validate the user’s email address in Auth0. Am I missing a critical configuration somewhere? Or is it prohibited to create ANY ticket for a federated user?

Any suggestions on how we might validate a federated user’s email independently in Auth0?


This is a great question. We are in the process of setting up a SAML connection to a partner and it is not yet clear to us whether the partner users will get an email address verification email. Someone here might have a definitive answer but if I find anything out in my own testing I’ll post the results.

1 Like

3 years later I’m experiencing the exact same issue.

Any progress on this in the last 3 years? Thanks.