Developer forum

Yes, just that link.

We get back an identifyer which is the email and map the user like that. If the user is not there, we create it on signup.

Thank you for information. 

Right now we have some problem with our azure ad setup. But will try as soon as we get it working.

Can i map the user on the email field in DW instead of the username field? 
Because the username field is not the email in our case. So when we login now using Azure ad it creates a new account because no user with my email exists in the username field. 

Hi Andreas

When we get the auth token back from Azure, it contains various information in the claim - Dynamicweb uses "preferred_username" to map the user - see https://learn.microsoft.com/en-us/entra/identity-platform/id-token-claims-reference - so the value in that field is what we try to match on the username. Username in Dynamicweb is the 'key' which is why we look at that column.

To make it look at the email field on a Dynamicweb user, we have to make a fallback in our external authentication handling that if we do not locate a user using the returned username (preferred_username field in the claims) we try to locate the user by looking at the email and use that instead. That would be a minor change from our side. Issue with this is that email is not immutable, meaning that the user can change their email address in the AD and then their login will start to fail - also 2 users in Azure could have the same email on them - i.e. info@something.com - and then when each of them login they would get the same user account in Dynamicweb. Both rare situations, but that would be the consequence.

Alternative to the above is to copy email to username field in DW - either by default or when a user starts an external login.

What are your thoughts?