Power Platform Community Forum Thread Details

ContactMappingAttribute is not working at expected with OpenID Connect

We have a Power Pages site which is configured to be authenticated with IBM IDAM using OpenID Connect.

The authentication is working fine, However, the ask is that instead of using Email Address as the primary contact attribute, use another custom attribute.

For example, the JWT token is returning an attribute EmpID.

We have created an additional column in contact table with logical name org_EmpID.

in site setting, we have applied the following settings

Authentication/OpenIdConnect/OpenId_1/AllowContactMappingWithEmail is set to false
Authentication/OpenIdConnect/OpenId_1/ContactMappingAttribute is set to org_EmpID
Authentication/OpenIdConnect/OpenId_1/ClaimsMapping/org_EmpID is set to EmpID

but it is still considering email address as the primary column.

I have also tried to use the UserInfoEndpoint approach, but still not working.

FYI, we have the following settings, which is working fine, and in the contact table required column values are reflecting. It means the token is returning the required data.

Authentication/OpenIdConnect/OpenId_1/LoginClaimsMapping is set to org_EmpID=EmpID.

Let me know if anyone has scenario or provide any guidance.

Categories:

General

@mohsinabdul1

Although these configurations are applied, Power Pages continues to use the email address as the primary contact identifier and does not recognise custom mapping.
Consider the following steps:
1. Ensure EmpID is Unique and Consistent
Power Pages relies on the claim value to locate or create a contact record. If EmpID is not globally unique, the system may default to using the email address.
2. Add sub Claim Mapping
Map EmpID to the sub claim in your authentication token, or configure:
`Authentication/OpenIdConnect/OpenId_1/ContactMappingAttribute = sub`
The sub claim is often regarded by Power Pages as the definitive unique identifier.
3. Utilise the External Identity Table
Rather than depending exclusively on the contact table, consider using the External Identity table to store and associate EmpID values.
4. Implement Custom Logic via Webhooks or Plugins
If needed, intercept the sign-in process with a plugin or webhook to match EmpID to the appropriate contact manually, ensuring alignment with your requirements and overriding the default behaviour.

This content may have been partially translated, structured, or generated with Copilot 🏷️ Tag me if you have any further questions or if the issue persists. ✅ Click "Accept as Solution" if my post helped resolve your issue—it helps others facing similar problems. ❤️ Give it a Like if you found the approach useful in any way.

Quick Links