AD B2C: E-mail claim for local and federated identities

Question

I see there is a difference how e-mail is provided for local B2C identities (signInNames.emailAddress email) and for external identities such as Google (email claim).

So far I have only been able to provide them as separate claims in the custom policy (Technical Profile of the Sign Up/Sign In user journey):

<OutputClaim ClaimTypeReferenceId="email" />
<OutputClaim ClaimTypeReferenceId="signInNames.emailAddress" PartnerClaimType="emailLocal" />

What's the best way to approach this?

Answer 1

Hi @metalheart , The best way to approach this would be to map the email claim from the external identity provider to the signInNames.emailAddress claim in your custom policy. This way, you can ensure that the email address is consistent across all identity providers. You can do this by using the OutputClaimsTransformation element in your custom policy.

Here's an example of how you can map the email claim from the external identity provider to the signInNames.emailAddress claim in your custom policy:

<OutputClaims>
  <OutputClaim ClaimTypeReferenceId="signInNames.emailAddress" PartnerClaimType="email" />
</OutputClaims>

This will map the email claim from the external identity provider to the signInNames.emailAddress claim in your custom policy.

Please let me know if you have any questions and I can help you further.

If this answer helped you please mark it as "Verified" so other users can verify it.

Thank you,

James