This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hi,
I am evaluating currently Entra External ID / Customer IAM and compare it with Azure AD B2C. One thing that I can't get to work with the simplest of examples is to populate Entra's user's email field, when that user signs up with a simple User Flow (where the email field is a mandatory user attribute and verified during sign up using the OTP authentication provider as well). When I go to Entra > Identity > Users and look up the new user, the email field (and other emails field for that matter) are empty. What am I missing?
Thanks!
-Marco
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 20%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Hi @Marco vanW ,
Thanks for reaching out.
CIAM the new product in Microsoft Entra, which is currently in preview.
As it is still a work in progress, we appreciate your valuable feedback. I will review your inquiries with the product team and get back to you with the necessary information.
Thanks,
Shweta
Hi @Marco vanW ,
Thanks for reaching out and apologies for the delay in response.
Microsoft Entra External ID for customers /Customer identity access management (CIAM) is a new product in Microsoft Entra to manage external identity use cases.
In CIAM, customer accounts are mostly created programmatically when users sign up through an application.
I tried to sign up the user using the application as mentioned here and was able to get the user email in the claim preferred_username as I sign-up with email.
and the same email value has been reflected in the user properties(Email) as well.
However, if you created the customer directly in the portal, then user's properties are not reflected. We are working on that, but the expectation is as CIAM is for customers, customers should self-sign up through the application.
If you are also trying to sign up the user through an application and facing issues while doing so, please share the reference link of the application you are using along with screenshots to help you further.
Hope this will help.
Thanks,
Shweta
Please remember to "Accept Answer" if answer helped you.
@Shweta Mathur This is a very interesting piece of information. Since "Microsoft Entra External ID for customers / Customer identity access management (CIAM)" provides a customizable sign-up and sign-in User Flow, one would expect that the data captured by this flow would all be saved accordingly in the tenant, including the email address. This would be especially useful, because the email address has been verified by Microsoft (using OTP). Now it seems as if the application must implement its own email verification flow.
@Shweta Mathur When I create an out-of-the-box User Flow and select Email Account > OTP as Identity Provider, then the ID token does contain the email claim. When I select Email Account > Password it does not. Now I would like to know whether this is by design or something that still needs to get ironed out.
Thanks!
-Marco
Hi @Marco vanW ,
Apologies for the delay in response.
This is expected behavior.
As with Microsoft Entra External ID, you can collaborate with partners and guests (B2B) or add customer identity and access (CIAM) management to your customer-facing apps.
For CIAM, users are allowed to sign in using various authentication methods (email, username, IDP)
If you're looking for email for what CIAM user signed up with, you need to check the Identities collection and see "IssuerAssignedId".
Hope this will help.
Thanks,
Shweta
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 3%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETA%3C/text%3E%3C/svg%3E)
Hello @Shweta Mathur
We faced the same problem here and we discovered that IssuerAssignedId is set to the email you use during the sign up when you use email & password (Local Accounts).
Our problem is IssuerAssignedId is set to Google user account ID instead of the email when you signup using Google as your identity provider. We need to get the email during the signup to do some verification processes.What do you recommend?
Thanks,
Tony