Problem Statement
The user profile has no email when the user is created via an Azure AD connection.
Cause
The most likely cause is that there is no ‘email’ property for the user in Azure AD. In some Azure tenants, only the User Principal Name (UPN) is configured.
Solution
Add Claims by Configuration
Follow these steps:
- Check in the Azure Portal whether the user has an Email property.
- If true, then navigate to Azure AD > App registrations > select an Application > Token configuration
- Enable upn and email claims for the ID token (as defined in the following table).
CLAIM | DESCRIPTION |
---|---|
email | The addressable email for this user, if the user has one |
groups | Optional formatting for group claims |
upn | An identifier for the user that can be used with that username |
Add Claims by Rules
Alternatively, add this in a Rule to map UPN as Email:
user.email = user.email || user.upn;
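
A fuller form of the mapping above, added here as an example and not part of the original article. It assumes a rule function of the shape (user, context, callback) and an Azure AD strategy name of "waad"; the helper names are hypothetical. It applies the fallback only to Azure AD logins, skips UPNs that are not usable addresses (for example guest UPNs containing #EXT#), and does not mark the result as verified.

```javascript
// Added example. The (user, context, callback) rule shape and the strategy
// name below are assumptions, not taken from the article.
const AZURE_AD_STRATEGY = "waad"; // assumed strategy name for Azure AD connections

// Loose shape check: no whitespace, exactly one "@", dotted domain.
function looksLikeEmail(value) {
  return typeof value === "string" && /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(value);
}

// Guest accounts carry UPNs such as name_domain#EXT#@tenant; these are
// sign-in identifiers only and must not be used as a mailbox address.
function isGuestUpn(upn) {
  return typeof upn === "string" && upn.toUpperCase().includes("#EXT#");
}

// Decide which value becomes the email and record where it came from.
function resolveEmail(user) {
  if (looksLikeEmail(user.email)) {
    return { email: user.email, source: "email" };
  }
  if (looksLikeEmail(user.upn) && !isGuestUpn(user.upn)) {
    return { email: user.upn, source: "upn" };
  }
  return { email: undefined, source: "none" };
}

function mapUpnToEmail(user, context, callback) {
  // Leave profiles from other connection types untouched.
  if (context.connectionStrategy !== AZURE_AD_STRATEGY) {
    return callback(null, user, context);
  }
  const resolved = resolveEmail(user);
  if (resolved.source === "upn") {
    user.email = resolved.email;
    // A UPN is a sign-in name, not proof of mailbox ownership.
    user.email_verified = false;
  }
  return callback(null, user, context);
}
```

Downstream logic that links accounts or grants access by email should treat a UPN-derived address as unverified.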