Azure AD Integration not Providing the User Email

Overview

This article provides a solution for an issue where the user profile has no email when the user is created via the Azure AD connection.

Applies To

  • Azure AD (EntraID) Connections
  • User Email

Cause

The most likely cause is that the user does not have the email property in Azure AD. In some Azure tenants, only the User Principal Name (UPN) is configured.

Solution

Add Claims by Configuration

To resolve this issue, configure Azure AD to send the email claim to Auth0.

Follow these steps:

  1. Confirm in the Azure Portal whether the user has an Email property.
  2. If so, navigate to Azure AD > App registrations > select an Application > Token configuration.
  3. Enable the upn and email claims for the ID token (as defined in the following table).

  Claim    Description
  -------  ------------------------------------------------------------------
  email    The addressable email for this user, if the user has one
  groups   Optional formatting for group claims
  upn      An identifier for the user that can be used with that username

Ensure that Sync user profile on each login is disabled on the connection so that PATCH requests to the user are allowed. If it is enabled, updates to root user profile attributes are rejected.
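To confirm that the token configuration above took effect, the following added diagnostic (not part of this article or of Auth0's own tooling) decodes the payload of an ID token captured from a test login and reports which of the email and upn claims are absent. The two tokens it inspects are constructed, unsigned samples; the claim values in them are assumptions for illustration.

```python
import base64
import json

# Claims the Azure AD token configuration step above is expected to add.
EXPECTED_CLAIMS = ("email", "upn")


def decode_jwt_payload(token: str) -> dict:
    """Decode the payload segment of a compact JWT without verifying it.

    Diagnostic use only: run it on a token from your own test login to see
    which claims Azure AD actually emitted. Signature verification remains
    the job of the library that consumes the token, not of this check.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def missing_claims(claims: dict) -> list:
    """Return the expected claims (email, upn) that are absent or empty."""
    return [name for name in EXPECTED_CLAIMS if not claims.get(name)]


def build_unsigned_token(claims: dict) -> str:
    """Build a constructed, unsigned sample token for offline demonstration."""
    def b64(obj: dict) -> str:
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{b64({'alg': 'none', 'typ': 'JWT'})}.{b64(claims)}."


# Constructed samples: a tenant where only the UPN is configured (the cause
# described above) and one where the email claim has been enabled.
UPN_ONLY = build_unsigned_token({"upn": "jdoe@example.com", "sub": "abc123"})
WITH_EMAIL = build_unsigned_token(
    {"upn": "jdoe@example.com", "email": "jdoe@example.com", "sub": "abc123"}
)

if __name__ == "__main__":
    for label, tok in (("upn only", UPN_ONLY), ("email enabled", WITH_EMAIL)):
        gaps = missing_claims(decode_jwt_payload(tok))
        print(f"{label}: missing {gaps}" if gaps else f"{label}: all present")
```

If the script reports email as missing after the configuration change, the user has no Email property in Azure AD (step 1) or the claim was enabled on the wrong app registration.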