Authenticating with external identity provider and changing user email

Hello,

I'm creating an ODC application whose users are authenticated by the Azure AD identity provider.

When a user is authenticated by Azure AD, ODC checks if this user exists. If not, the appropriate user is created.

The key issue is that users are identified by their email addresses. At the Azure AD side email is not immutable and can be changed (the most typical case is when a woman gets married and takes the husband's name). It leads to creating a new user in ODC (because the new email is not recognized).

Have you any idea how to deal with this issue? I believe it concerns all kinds of external identity providers.

Kind regards

Tomasz
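An added example, not code from this thread or from ODC, that shows why keying users on the mutable email claim produces the duplicate described above, and the alternative of keying on the identity provider's immutable subject identifier (the OIDC `sub` claim; Azure AD tokens also carry `oid`). The in-memory store, the user records and the token claims are constructed for illustration.

```python
"""Just-in-time user provisioning from an external identity provider.

Constructed example: the same token claims handled by two lookup
strategies.  Keying on the mutable `email` claim creates a duplicate
user when the address changes; keying on the IdP's immutable subject
identifier updates the existing record's email in place.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class User:
    user_id: int
    email: str
    idp_subject: Optional[str]  # immutable IdP id; None for rows created by email only


@dataclass
class UserStore:
    users: Dict[int, User] = field(default_factory=dict)
    _next_id: int = 1

    def _create(self, email: str, subject: Optional[str]) -> User:
        user = User(self._next_id, email, subject)
        self.users[user.user_id] = user
        self._next_id += 1
        return user

    def provision_by_email(self, claims: dict) -> User:
        """Naive approach: the email address is the identity key."""
        for user in self.users.values():
            if user.email.lower() == claims["email"].lower():
                return user
        return self._create(claims["email"], None)  # changed email -> duplicate user

    def provision_by_subject(self, claims: dict) -> User:
        """Immutable subject is the key; email is just a mutable attribute."""
        subject, email = claims["sub"], claims["email"]
        for user in self.users.values():
            if user.idp_subject == subject:
                if user.email.lower() != email.lower():
                    user.email = email  # email changed at the IdP: update in place
                return user
        # One-time link for rows that predate subject tracking: match the
        # (IdP-verified) email once, then remember the subject for the future.
        for user in self.users.values():
            if user.idp_subject is None and user.email.lower() == email.lower():
                user.idp_subject = subject
                return user
        return self._create(email, subject)
```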

2024-06-08 10-51-44
Owen Corstens
Champion

Hi Tomasz,

Interesting question, I had the same discussion with a client over here.

I had a few ideas around this subject. But the easiest seemed the following:

Since people having their email changed is quite an edge case, at least from what I've observed over the years, I would probably do it like this.

You can use alias email addresses, so if she changes her name you might just want to add an alias on the Azure AD side to the original email, and you can use both to log in.

If this wouldn't be a good solution, you'd have to remap all of the original account's data or make an alias system yourself.


Tomasz M Lipinski

Hi,

Thanks for the tips.

The best solution would be if we had the possibility to change the email in the user's profile... like in O11... But we haven't :-(

Kind regards

Tomasz
