UPN Transformation
Flow Classic.
Issue: you have guest users in your Entra ID from different identity providers (for example, Gmail, O356, etc). Typically perhaps having different subcontractors or suppliers that you wish to log on to your Flow.
An issue could then be that you cannot find a common denominator between the IDPs'.
Perhaps 'email' works as a UserNameClaimsKey for supplier A, but not for supplier B since they use 'upn'.
A workaround worth considering could be to create a transformation rule in EntraID. In the example below internal users (non "EXT", meaning non guest users) get their user.mail value, and for externals users.userprincipalname is being used. This is just an example transformation.
The name you give your transformation is then what you map to the UserNameClaimsKey under the OpenID setting in Flow Studio
Last updated