Required User Attributes (Claims) from Azure AD
TeC reads the following claims from the ID token returned by Azure AD and uses them to identify and match users.

| Claim | Required | Source | Purpose in TeC |
|---|---|---|---|
| iss | Required | Standard | Identifies the Identity Provider (IdP). Combined with sub for unique user identification. |
| sub | Required | Standard | Unique user identifier from the IdP. Does not change even if the user's email changes. |
| email | Required | Optional claim | Primary claim for user lookup and identity resolution. Must be configured as an optional claim in Azure AD. |
| preferred_username | Fallback | Standard | Used if email claim is absent. |
| upn | Fallback | Azure AD | Used if both email and preferred_username are absent. |
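
The lookup order in the table can be expressed as a short resolver. This is an added example, not TeC's own code: `resolve_identity`, `ResolvedIdentity` and `ClaimError` are hypothetical names, and the claims are assumed to come from an ID token whose signature, issuer and audience have already been validated.

```python
# Added illustration, not TeC's implementation. All names here are hypothetical.
from typing import Mapping, NamedTuple

# Order from the table: email first, then preferred_username, then upn.
LOOKUP_CLAIMS = ("email", "preferred_username", "upn")


class ResolvedIdentity(NamedTuple):
    issuer: str         # iss
    subject: str        # sub
    lookup_claim: str   # which claim supplied the lookup value
    lookup_value: str


class ClaimError(ValueError):
    """Raised when the ID token lacks a claim needed for user matching."""


def _text(claims: Mapping[str, object], name: str) -> str:
    """Return the claim as a stripped string, or '' if missing or not a string."""
    value = claims.get(name)
    return value.strip() if isinstance(value, str) else ""


def resolve_identity(claims: Mapping[str, object]) -> ResolvedIdentity:
    """Map already-validated ID token claims to a stable key and a lookup value."""
    issuer, subject = _text(claims, "iss"), _text(claims, "sub")
    if not issuer or not subject:
        raise ClaimError("iss and sub are both required")
    for name in LOOKUP_CLAIMS:
        value = _text(claims, name)
        if value:  # an empty or whitespace-only claim counts as absent
            return ResolvedIdentity(issuer, subject, name, value)
    raise ClaimError("none of email, preferred_username, upn is present")


# Constructed sample claims (not real tenant data): email was not configured
# as an optional claim, so the token carries only preferred_username and upn.
SAMPLE = {
    "iss": "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/v2.0",
    "sub": "constructed-subject-value",
    "preferred_username": "alice@example.com",
    "upn": "alice@example.com",
}

if __name__ == "__main__":
    print(resolve_identity(SAMPLE))
```

Recording which claim supplied the lookup value makes it visible when logins are resolving through a fallback, which usually means the `email` optional claim is not configured in Azure AD.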