I've followed the instructions here to set up the Azure AD multi-tenant custom policy in the Identity Experience Framework: https://docs.microsoft.com/en-gb/azure/active-directory-b2c/active-directory-b2c-setup-commonaad-custom?tabs=applications
However, I'm unable to get a claim back containing the email address (corresponding to the "user name" from the external active directory).
The main single-tenant active directory setup works fine when I use this claim mapping (and the other "social" provider accounts work with PartnerClaimType="email"):
<OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="upn" />
However, I've tried the following combinations for the multi-tenant, and I don't seem to be getting the data back from the provider:
<OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="upn" />
<OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="email" />
<OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="mail" />
Please can someone let me know the correct claim mapping for this, to get the email output from the user flow?