Forum Discussion

EngineerAngelo's avatar
EngineerAngelo
Copper Contributor
Jun 20, 2025

Email Address in Entra ID not reflected to OpenLearning

We've configured SSO with OpenLearning but when a new user tries to login, the email address is not being passed on to OpenLearning. It says "It seems you already have an OpenLearning account" when it is his/her first time joining in. The OpenLearning support said to contact Microsoft support. Then the Microsoft support is passing the issue somewhere. Does anyone have encountered and resolved this issue?

1 Reply

Sort By
  • Surya_Narayana's avatar
    Surya_Narayana
    Iron Contributor
    Jun 22, 2025

    hi EngineerAngelo​ check below steps,

     

    Troubleshooting Steps

    1.Check Claims Mapping in Entra ID Enterprise App for OpenLearning

    • Go to Entra ID > Enterprise Applications > OpenLearning (SSO App).
    • Under Single sign-on > Attributes & Claims, verify that the email address is correctly mapped.
    • You should have a claim like this:

    pgsql

    CopyEdit

    Claim Name: email

    Source Attribute: user.mail OR user.userPrincipalName

    • If it uses user.userPrincipalName and that differs from their actual email (common in some orgs), switch it to user.mail.

    2.Verify the Unique Identifier Sent to OpenLearning

    • OpenLearning might be expecting email or nameID to be the user’s email.
    • Confirm with OpenLearning documentation or support what SAML attribute it expects as the unique user identifier.
    • If OpenLearning is using the wrong SAML attribute (e.g., using nameID but expecting email), a mismatch will occur.

    3.Check if email Claim is Missing

    • You can use SAML tracer (browser plugin) or Azure SAML Test (Preview) tool to inspect what values are actually being sent.
    • If the email field is blank or not included, OpenLearning assumes you're re-joining with a different or existing account.

    4.Confirm OpenLearning is Using SAML 2.0 Correctly

    • OpenLearning should correctly process attributes from SAML response.
    • Ask OpenLearning support: “Which SAML attribute is used as the primary user key?”
    • Ensure the value from Entra ID maps to that.

     

    Suggested Fix in Entra ID

    If you find that user.mail is empty for some users (common if mailbox isn't provisioned), use this expression instead:

    pgsql

    CopyEdit

    user.mail ?? user.userPrincipalName

    Set this in the claim for email.

     

    What You Can Do Now

    • Double-check claims mapping in Entra ID.
    • Use SAML tracer to see what's being passed to OpenLearning.
    • Ensure OpenLearning is not matching on nameID or another mismatched value.
    • Ask OpenLearning if they support user re-matching by email if it changes.

     

    Important

    The “already have an account” issue generally means OpenLearning is matching based on a field different than what your SSO is sending, possibly due to:

    • Incorrect nameID claim
    • Email field not sent at all
    • Email field mismatching with what was used to create a manual OpenLearning account earlier

     

Resources