Overview
This article provides a solution for an issue where the user profile has no email when the user is created via the Azure AD connection.
Applies To
- Azure AD (EntraID) Connections
- User Email
Cause
The most likely cause is that the user does not have the email property in Azure AD. In some Azure tenants, only the User Principal Name (UPN) is configured.
Solution
Add Claims by Configuration
To resolve this issue, configure Azure AD to send the email claim to Auth0.
Follow these steps:
- Confirm in the Azure Portal whether the user has an Email property.
- If it does, navigate to Azure AD > App registrations > select the application > Token configuration.
- Enable the upn and email claims for the ID token (as defined in the following table).
| CLAIM | DESCRIPTION |
|---|---|
| email | The addressable email for this user, if the user has one |
| groups | Optional formatting for group claims |
| upn | An identifier for the user that can be used with that username |
Ensure Sync User Profile on each Login is disabled on the connection so that PATCH requests to the user are allowed. If it is enabled, root user profile attribute updates are not permitted.
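After enabling the claims, you can confirm that the ID token Azure AD returns actually carries `email` rather than only `upn`. The helper below is an added example, not part of this article or of Auth0's code: it decodes the payload of a compact JWT (without verifying the signature, so it is for inspection only) and reports whether a profile email is available or whether the Token configuration still needs the email claim. The tokens and claim values are constructed sample data.

```python
import base64
import json
import re


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the '=' padding that JWTs strip."""
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def id_token_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT (header.payload.signature).

    The signature is NOT verified here; use this only to inspect which claims
    Azure AD is emitting, never to trust the token.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))


EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def profile_email_status(claims: dict) -> dict:
    """Report whether Auth0 can populate the profile email from these claims."""
    email = claims.get("email")
    upn = claims.get("upn")
    if email and EMAIL_RE.match(email):
        return {"email": email, "source": "email", "action": "none"}
    if upn:
        # UPN looks like an address but is not the mailbox; the email claim is still missing.
        return {"email": None, "source": "upn", "upn": upn,
                "action": "enable the email claim in Token configuration"}
    return {"email": None, "source": None,
            "action": "enable the upn and email claims in Token configuration"}


def make_sample_token(payload: dict) -> str:
    """Build an unsigned sample token so the example runs offline (constructed data)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(payload)}.placeholder-signature"


# Constructed examples: one tenant sends both claims, the other only the UPN.
SAMPLE_WITH_EMAIL = make_sample_token(
    {"sub": "1", "upn": "alice@contoso.example", "email": "alice@contoso.example"})
SAMPLE_UPN_ONLY = make_sample_token({"sub": "2", "upn": "bob@contoso.example"})
```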