
Assigning emails to federated CMS users

Created by r.bromley, last updated 10 Aug 2021

The following describes the order of precedence when assigning an email to a user after federated login, such as via AD FS or Azure AD.

AD FS

The value of the email claim is assigned.

Azure AD

WsFederation_Azure_PrioritiseUPNForEmailAddress = 0

  1. Use MicrosoftGraph.User.Mail value, if present.
  2. Use first of MicrosoftGraph.User.OtherMails addresses, if present.
  3. Use the UPN, if it is already in an email format.
  4. Use the username constructed from UPN, if present.

The constructed username will be in the form of an email address.

WsFederation_Azure_PrioritiseUPNForEmailAddress = 1

  1. Use the UPN, if it is already in an email format.
  2. Use 'email' claim, if present.
  3. Use MicrosoftGraph.User.Mail value, if present.
  4. Use first of MicrosoftGraph.User.OtherMails addresses, if present.
  5. Use the username constructed from UPN, if present.

The constructed username will be in the form of an email address.
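The two Azure AD orderings above, written out as an added example (not code from the product) so the effect of the setting can be compared on the same user record. The dictionary keys, the email-format pattern and the sample users are assumptions made for illustration, and the constructed username is passed in as an input because the page does not describe how it is built from the UPN.

```python
import re

# Assumption: "email format" is tested with a simple local@domain.tld pattern;
# the page does not say how the product performs this check.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def resolve_email(user, prioritise_upn):
    """Return (email, source) using the Azure AD order listed on this page.

    `user` is a dict with hypothetical keys: mail, other_mails, upn,
    email_claim, constructed_username (taken as an input because the page
    does not describe how the username is built from the UPN).
    """
    upn_value = user.get("upn") or ""
    other = user.get("other_mails") or []
    upn = ("UPN", upn_value if EMAIL_RE.match(upn_value) else None)
    claim = ("email claim", user.get("email_claim"))
    mail = ("MicrosoftGraph.User.Mail", user.get("mail"))
    other_mail = ("MicrosoftGraph.User.OtherMails", other[0] if other else None)
    constructed = ("constructed username", user.get("constructed_username"))

    if prioritise_upn:  # WsFederation_Azure_PrioritiseUPNForEmailAddress = 1
        order = [upn, claim, mail, other_mail, constructed]
    else:               # WsFederation_Azure_PrioritiseUPNForEmailAddress = 0
        order = [mail, other_mail, upn, constructed]
    for source, value in order:
        if value:
            return value, source
    return None, None


# Constructed sample records, not real accounts.
ALICE = {"upn": "alice@corp.example.com", "mail": "alice.smith@example.com",
         "email_claim": "a.smith@example.org",
         "constructed_username": "alice@corp.example.com"}
SVC = {"upn": "svc-build", "mail": None, "other_mails": ["build@example.com"],
       "email_claim": None, "constructed_username": "svc-build@example.com"}
BOB = {"upn": "bob", "mail": "bob@example.com",
       "email_claim": "robert@example.org",
       "constructed_username": "bob@example.com"}

if __name__ == "__main__":
    for name, user in (("alice", ALICE), ("svc", SVC), ("bob", BOB)):
        for flag in (0, 1):
            print(name, flag, resolve_email(user, bool(flag)))
```

With these records, ALICE and BOB resolve to a different address under each setting, while SVC resolves to the same OtherMails address under both.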