Hello @Alvaro Roberto ,
- The only way I could think of is allowing the user attribute to generate a claim with a null value. We could achieve this by passing "AllowGenerationOfClaimsWithNullValues" to "Null".
- Within the starter pack base profile, the claim attribute signInNames.emailAddress is used in the following 3 technical profiles: AAD-UserWriteUsingLogonEmail, AAD-UserReadUsingEmailAddress and AAD-UserReadUsingObjectId.
- Kindly try adding <Item Key="AllowGenerationOfClaimsWithNullValues">true</Item> to the metadata of each of these technical profiles, and let me know in the comments section if you have any queries.
Ref example:
<TechnicalProfile Id="AAD-UserWriteUsingLogonEmail">
  <Metadata>
    <Item Key="Operation">Write</Item>
    <Item Key="RaiseErrorIfClaimsPrincipalAlreadyExists">true</Item>
    <!-- Allow generating a claim with a null value. -->
    <Item Key="AllowGenerationOfClaimsWithNullValues">true</Item>
  </Metadata>
  <IncludeInSso>false</IncludeInSso>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="email" PartnerClaimType="signInNames.emailAddress" Required="true" />
  </InputClaims>
  <PersistedClaims>
    <!-- Required claims -->
    <PersistedClaim ClaimTypeReferenceId="email" PartnerClaimType="signInNames.emailAddress" />
    <PersistedClaim ClaimTypeReferenceId="newPassword" PartnerClaimType="password" />
    <PersistedClaim ClaimTypeReferenceId="displayName" DefaultValue="unknown" />
    <PersistedClaim ClaimTypeReferenceId="passwordPolicies" DefaultValue="DisablePasswordExpiration" />
    <PersistedClaim ClaimTypeReferenceId="Verified.strongAuthenticationPhoneNumber" PartnerClaimType="strongAuthenticationPhoneNumber" />
    <!-- Optional claims. -->
    <PersistedClaim ClaimTypeReferenceId="givenName" />
    <PersistedClaim ClaimTypeReferenceId="surname" />
  </PersistedClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="objectId" />
    <OutputClaim ClaimTypeReferenceId="newUser" PartnerClaimType="newClaimsPrincipalCreated" />
    <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="localAccountAuthentication" />
    <OutputClaim ClaimTypeReferenceId="userPrincipalName" />
    <OutputClaim ClaimTypeReferenceId="signInNames.emailAddress" />
  </OutputClaims>
  <IncludeTechnicalProfile ReferenceId="AAD-Common" />
  <UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
</TechnicalProfile>
Thanks,
Akshay Kaushik
Please "Accept the answer", "Upvote" and rate your experience if the suggestion works as per your business need. This will help us and others in the community as well.
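One way to confirm that the three technical profiles named in this answer carry the suggested metadata item before uploading a policy file, as an added example (not part of the original answer or the starter pack). The function name `audit_null_claim_flag` and the sample policy fragment are constructed for illustration.

```python
import xml.etree.ElementTree as ET

KEY = "AllowGenerationOfClaimsWithNullValues"
# The three technical profiles named in the answer above.
TARGET_PROFILES = (
    "AAD-UserWriteUsingLogonEmail",
    "AAD-UserReadUsingEmailAddress",
    "AAD-UserReadUsingObjectId",
)

def _local(tag):
    """Strip the XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def audit_null_claim_flag(policy_xml, profile_ids=TARGET_PROFILES):
    """Return {profile_id: 'enabled' | 'disabled' | 'not set' | 'profile not found'}."""
    root = ET.fromstring(policy_xml)
    status = {pid: "profile not found" for pid in profile_ids}
    for tp in root.iter():
        if _local(tp.tag) != "TechnicalProfile" or tp.get("Id") not in status:
            continue
        pid = tp.get("Id")
        status[pid] = "not set"
        for child in tp:
            if _local(child.tag) != "Metadata":
                continue
            for item in child:
                if _local(item.tag) == "Item" and item.get("Key") == KEY:
                    value = (item.text or "").strip().lower()
                    status[pid] = "enabled" if value == "true" else "disabled"
    return status

# Constructed sample fragment (hypothetical, not a real tenant policy):
# one profile has the item, one lacks it, one is absent from this file.
SAMPLE_POLICY = """
<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06">
  <ClaimsProviders><ClaimsProvider><TechnicalProfiles>
    <TechnicalProfile Id="AAD-UserWriteUsingLogonEmail"><Metadata>
      <Item Key="Operation">Write</Item>
      <Item Key="AllowGenerationOfClaimsWithNullValues">true</Item>
    </Metadata></TechnicalProfile>
    <TechnicalProfile Id="AAD-UserReadUsingEmailAddress"><Metadata>
      <Item Key="Operation">Read</Item>
    </Metadata></TechnicalProfile>
  </TechnicalProfiles></ClaimsProvider></ClaimsProviders>
</TrustFrameworkPolicy>
"""

if __name__ == "__main__":
    for pid, state in audit_null_claim_flag(SAMPLE_POLICY).items():
        print(f"{pid}: {state}")
```

A "profile not found" result means the profile is defined in a different policy file (for example the base file rather than the extensions file), so run the check against each file in the policy chain.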