Entra ID as IDP - Not showing email or username #1720

Closed
opened 2025-11-20 06:05:23 -05:00 by saavagebueno · 6 comments
Originally created by @coccmo on GitHub (Mar 17, 2025).

Describe the problem

Entra ID as IDP - Not showing email or username

To Reproduce

Steps to reproduce the behavior:
Set up Entra ID as the only IdP and log in to the dashboard

Expected behavior

When a user is created, the email and name should be fetched. Instead, some random ID is fetched.

Are you using NetBird Cloud?

Selfhosted

NetBird version

Latest selfhosted version as per date.

saavagebueno added the idp and self-hosting labels 2025-11-20 06:05:23 -05:00

@nazarewk commented on GitHub (Mar 17, 2025):

The feature should be working as expected as long as the integration is configured according to the documentation (https://docs.netbird.io/selfhosted/identity-providers#azure-ad-microsoft-entra-id).

Could you confirm that everything is set up correctly?


@coccmo commented on GitHub (Mar 17, 2025):

Yes, set up accordingly. I can log in, that works no problem, but no fetching.

I can send my setup and management files if needed.


@coccmo commented on GitHub (Mar 17, 2025):

I found the issue :)

the documentation is missing some information..

in the management.json you have to put in AuthUserIDClaim: "oid"
I don't see this documented in the guide :)

    "HttpConfig": {
        "LetsEncryptDomain": "",
        "CertFile": "/etc/letsencrypt/live/**********/fullchain.pem",
        "CertKey": "/etc/letsencrypt/live/**********/privkey.pem",
        "AuthAudience": "**********",
        "AuthIssuer": "https://login.microsoftonline.com/**********/v2.0",
        "AuthUserIDClaim": "oid",
        "AuthKeysLocation": "https://login.microsoftonline.com/**********/discovery/v2.0/keys",
        "OIDCConfigEndpoint": "https://login.microsoftonline.com/**********/v2.0/.well-known/openid-configuration",
        "IdpSignKeyRefreshEnabled": false,
        "ExtraAuthAudience": ""
    },
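
A check for the setting identified in the comment above, as an added example that is not part of the thread or of NetBird's code: it parses a management.json and reports when an Entra ID issuer is configured without AuthUserIDClaim set to "oid", or when the key and discovery URLs use a different tenant than AuthIssuer. The tenant ID, audience value and function names are constructed for illustration.

```python
import json
from urllib.parse import urlparse

ENTRA_HOST = "login.microsoftonline.com"
TENANT = "00000000-0000-0000-0000-000000000000"  # constructed placeholder tenant ID

def entra_path(url):
    """Path segments of an Entra ID URL, or None if the host is something else."""
    parsed = urlparse(url or "")
    if parsed.hostname != ENTRA_HOST:
        return None
    return [seg for seg in parsed.path.split("/") if seg]

def check_http_config(management_json):
    """Return findings for the HttpConfig block of a management.json document."""
    cfg = json.loads(management_json).get("HttpConfig", {})
    issuer = entra_path(cfg.get("AuthIssuer"))
    if issuer is None:
        return ["AuthIssuer is not an Entra ID URL; checks skipped"]
    if len(issuer) != 2 or issuer[1] != "v2.0":
        return ["AuthIssuer is not of the form https://%s/<tenant>/v2.0" % ENTRA_HOST]
    findings = []
    claim = cfg.get("AuthUserIDClaim")
    if claim != "oid":
        findings.append("AuthUserIDClaim is %r, expected 'oid'" % claim)
    # The signing-key and discovery URLs must belong to the same tenant as the issuer.
    for key in ("AuthKeysLocation", "OIDCConfigEndpoint"):
        if (entra_path(cfg.get(key)) or [None])[0] != issuer[0]:
            findings.append("%s does not use the AuthIssuer tenant" % key)
    if not cfg.get("AuthAudience"):
        findings.append("AuthAudience is empty")
    return findings

def sample_config(user_id_claim="oid", keys_tenant=TENANT):
    """Build a constructed management.json with the keys shown in the thread."""
    base = "https://%s/" % ENTRA_HOST
    http = {
        "AuthAudience": "11111111-1111-1111-1111-111111111111",  # constructed
        "AuthIssuer": base + TENANT + "/v2.0",
        "AuthKeysLocation": base + keys_tenant + "/discovery/v2.0/keys",
        "OIDCConfigEndpoint": base + TENANT + "/v2.0/.well-known/openid-configuration",
    }
    if user_id_claim is not None:
        http["AuthUserIDClaim"] = user_id_claim
    return json.dumps({"HttpConfig": http})

if __name__ == "__main__":
    for label, doc in (("with oid", sample_config()), ("claim missing", sample_config(None))):
        print(label, "->", check_http_config(doc) or "ok")
```
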

@Gauss23 commented on GitHub (Mar 21, 2025):

In my Netbird Entra Deployment helper script it references the oid.
Don’t know where I have it from, but it was always there:
https://github.com/Gauss23/netbird-azure/blob/main/deploy/config-files/management.json


@nazarewk commented on GitHub (Mar 21, 2025):

The Identity Providers documentation contains NETBIRD_AUTH_USER_ID_CLAIM="oid". @Gauss23
Is it not working/picking up properly when doing the configuration? @coccmo

https://github.com/netbirdio/docs/blob/4a66f1788058542420f874b676be90c9da6f1fbf/src/pages/selfhosted/identity-providers.mdx#L720-L720


@coccmo commented on GitHub (Mar 23, 2025):

It works now... tried to reproduce, but wasn't able to :)

You can close this ticket

Reference: SVI/netbird#1720