Federated Email Addresses

Assigning Emails to Federated CMS Users

The following describes the order of precedence used when assigning an email address to a user after a federated login, i.e. via ADFS or Azure AD.

ADFS

The value of the email claim is assigned.

Azure AD - WsFederation_Azure_PrioritiseUPNForEmailAddress = 0

  1. Use the 'email' claim, if present.
  2. Use the MicrosoftGraph.User.Mail value, if present.
  3. Use the first of the MicrosoftGraph.User.OtherMails addresses, if present.
  4. Use the UPN, if it is already in an email format.
  5. Use the username constructed from the UPN, if present. NB: The constructed username will be in the form of an email address.

Azure AD - WsFederation_Azure_PrioritiseUPNForEmailAddress = 1

  1. Use the UPN, if it is already in an email format.
  2. Use the 'email' claim, if present.
  3. Use the MicrosoftGraph.User.Mail value, if present.
  4. Use the first of the MicrosoftGraph.User.OtherMails addresses, if present.
  5. Use the username constructed from the UPN, if present. NB: The constructed username will be in the form of an email address.
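
The precedence rules above, modelled as an added example (not the product's own code) so an administrator can predict which address a given account will receive under each setting. The function and parameter names, the sample account and the regular expression standing in for "already in an email format" are assumptions; the constructed username is passed in because this page does not describe how it is built.

```python
import re

# Assumption: "in an email format" is modelled as local@domain.tld;
# the product's actual test is not documented on this page.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def resolve_email(provider, prioritise_upn=0, email_claim=None, graph_mail=None,
                  graph_other_mails=(), upn=None, constructed_username=None):
    """Return (email, source) per the documented precedence, or (None, None)."""
    if provider == "ADFS":
        # ADFS: only the email claim is considered.
        return (email_claim, "email claim") if email_claim else (None, None)

    upn_step = (upn if upn and EMAIL_RE.match(upn) else None, "UPN")
    other = graph_other_mails[0] if graph_other_mails else None
    steps = [
        (email_claim, "email claim"),
        (graph_mail, "MicrosoftGraph.User.Mail"),
        (other, "MicrosoftGraph.User.OtherMails[0]"),
    ]
    # WsFederation_Azure_PrioritiseUPNForEmailAddress moves the UPN step
    # from fourth place (0) to first place (1).
    if prioritise_upn == 1:
        steps.insert(0, upn_step)
    else:
        steps.append(upn_step)
    steps.append((constructed_username, "username constructed from UPN"))

    for value, source in steps:
        if value:
            return value, source
    return None, None

def compare_settings(**user):
    """Resolve the same Azure AD account under both values of the setting."""
    return {flag: resolve_email("AzureAD", flag, **user) for flag in (0, 1)}

# Constructed sample account: UPN and email claim differ.
SAMPLE = dict(email_claim="j.doe@contoso.example",
              graph_mail="j.doe@contoso.example",
              upn="jdoe@corp.contoso.example")

if __name__ == "__main__":
    for flag, (email, source) in compare_settings(**SAMPLE).items():
        print(f"PrioritiseUPNForEmailAddress={flag}: {email} (from {source})")
```
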