Use a real email attribute on SCIM endpoints
Azure's configuration allows users to specify an email (and even an alternate email). However, an actual mapping is missing in Azure.
The default mapping is `mail` => `emails[type eq "work"].value`. However, updating the email doesn't get synced as part of an update to the user (nor set to a create endpoint).
Current workaround:
The mapping is done using `userPrincipalName` => `emails[type eq "work"].value`, taking advantage of using an email format for `userPrincipalName`.
This is blocked by Azure's ongoing (~2 months at the time of writing) investigation. Case `119022325000034`.
This may not affect other IdPs if the email is synced properly, though.
Edited by James Lopez
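
The following is an added example, not code from this issue or from the project it belongs to. It shows how a receiving SCIM endpoint could apply a PatchOp whose path is `emails[type eq "work"].value`, and that an update arriving without that operation leaves the stored email stale. The function names, user record and payloads are constructed for illustration.

```python
import re

# SCIM value-filter path narrowed to the one form discussed here: attr[type eq "x"].sub
_FILTER_PATH = re.compile(r'^(\w+)\[type eq "([^"]+)"\]\.(\w+)$')


def apply_patch(user, patch):
    """Apply SCIM PatchOp 'add'/'replace' operations to a user dict, in place."""
    for op in patch.get("Operations", []):
        kind = str(op.get("op", "")).lower()  # compare op names case-insensitively
        if kind not in ("add", "replace"):
            raise ValueError(f"unsupported op: {op.get('op')!r}")
        path = op.get("path", "")
        match = _FILTER_PATH.match(path)
        if match:
            attr, wanted_type, sub = match.groups()
            items = user.setdefault(attr, [])
            for item in items:
                if item.get("type") == wanted_type:
                    item[sub] = op["value"]
                    break
            else:  # no entry of that type yet: create one
                items.append({"type": wanted_type, sub: op["value"]})
        elif re.fullmatch(r"\w+", path):
            user[path] = op["value"]  # plain top-level attribute
        else:
            raise ValueError(f"unsupported path: {path!r}")
    return user


def work_email(user):
    """Return the value of the emails entry typed 'work', or None."""
    for entry in user.get("emails", []):
        if entry.get("type") == "work":
            return entry.get("value")
    return None


# Constructed sample data (not captured from a real IdP).
def sample_user():
    return {"userName": "old@example.com",
            "emails": [{"type": "work", "value": "old@example.com"}]}

PATCH_WITHOUT_EMAIL = {"Operations": [
    {"op": "Replace", "path": "displayName", "value": "New Name"}]}
PATCH_WITH_EMAIL = {"Operations": [
    {"op": "Replace", "path": 'emails[type eq "work"].value',
     "value": "new@example.com"}]}
```
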