Hey again! We are integrating descope and want to allow users to sign up or in via magic link or SSO with Azure AD. Currently, if I go through the magic link sign up or sign in auth method and then after sso is configured for the tenant I use the same email that was previously used for the magic link, for sso a new user is generated in descope instead of mapping to the already existing user with the same email. I am assuming SSO mapping can help with this but am a bit confused how to map IdP values to supported descope values. Just looking for general direction here so two users with similar creds do not exist for any of our tenants. Thanks in advance!

so you are basically looking to "merge" the user based on email address ?

ideally yes

Hi Jack, please have a look here: https://www.descope.com/blog/post/descope-flows-securely-merging-oauth-identities This blog explains how to securely merge identities between different auth methods. Let us know if there are any questions about it.