src/content/docs/cloudflare-one/identity/idp-integration/entra-id.mdx
3 additions & 3 deletions
@@ -112,9 +112,9 @@ To [test](/cloudflare-one/identity/idp-integration/#test-idps-in-zero-trust) tha
112
112
113
113
If your organization's UPNs do not match users' email addresses, you must add a custom claim for email. For example, if your organization's email format is `[email protected]` but the UPN is `[email protected]`, you must create an email claim if you are configuring email-based policies.
114
114
115
-
By default, Cloudflare will look for an `email` claim in the JSON response. If an `email` claim does not exist, it will look for the unique claim name you created to represent email (for example, `email_identifier`). Last, if neither option exists, Cloudflare will then look for the UPN claim sent in the JSON response.
115
+
By default, Cloudflare will first look for the unique claim name you created and configured in the Cloudflare dashboard to represent email (for example, `email_identifier`) in the `id_token` JSON response. If you did not configure a unique claim name, Cloudflare will then look for an `email` claim. Last, if neither claim exists, Cloudflare will look for the UPN claim.
116
116
117
-
To receive an email claim in a JSON response from Microsoft Entra, you must:
117
+
To receive an email claim in the `id_token` from Microsoft Entra, you must:
118
118
119
119
1. In the [Microsoft Entra admin center](https://entra.microsoft.com/), go to **Application** > **App registration** > select the relevant application > **Manage** > **Token configuration**.
120
120
2. Add a claim for email.
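Review bot: The added precedence sentence at new line 115 mixes two different conditions: the fallback to `email` is triggered by "If you did not configure a unique claim name", but the fallback to UPN is triggered by "if neither claim exists". That leaves unstated what happens when a custom claim name is configured in the dashboard but the claim is absent from a given user's `id_token`. Email-based policies are evaluated on whichever claim wins, so the text should say explicitly whether Cloudflare then falls back to `email` and UPN or does something else. "By default" also reads oddly in front of behaviour that depends on a configured setting and could be dropped, and "the `id_token` JSON response" could be shortened to "the `id_token`" to match the wording at new line 117.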
@@ -123,7 +123,7 @@ To receive an email claim in a JSON response from Microsoft Entra, you must:
123
123
124
124
The example above includes both a UPN claim and an email claim. Because an email claim was created in the Microsoft Entra configuration, Cloudflare will look for the `email` key-value pair in the JSON response.
125
125
126
-
3. If you gave your email claim another name than `email`, in[Zero Trust](https://one.dash.cloudflare.com), go to **Settings** > **Authentication** > **Azure AD** > **Edit**.
126
+
3. If you gave your email claim another name than `email`, you must update your configuration in the Cloudflare dashboard. In[Zero Trust](https://one.dash.cloudflare.com), go to **Settings** > **Authentication** > **Azure AD** > **Edit**.
127
127
4. Under **Optional configurations** > **Email claim**, enter the name of the claim representing your organization's email addresses.
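Review bot: The added step 3 at new line 126 keeps the missing space in "In[Zero Trust]", carried over from the removed line; it should read "In [Zero Trust]". The unchanged line 124 just above still says Cloudflare will look for the `email` key-value pair "in the JSON response", while the first hunk now refers to the `id_token` and places the configured custom claim name ahead of `email`. Updating that sentence in the same commit would keep the section consistent with the new lookup order.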