Users that use "Microsoft" login button get Guid as login, not email/upn

Infos:

• Used Zammad version: 6.5.2
• Used Zammad installation type: docker (self-hosted)
• Operating system: Ubuntu 24.04
• Browser + version: Edge (Windows 11)

Expected/Actual behavior:

• Customers that use “Microsoft” login for the first time create a new user record that as a Guid style “login” value. I expect the email address or UPN here. Unfortunately, it is not possible to specify the claim value that is used from the ID token to create the user?
• If you use a multi-tenant App registration, you cannot switch to Open ID Connect as issuer validation needs to be turned off then - which Zammad does not support.

Zammad understands both, the loginname and email address.
What the UI shows you is the login field only.

If you have a email address only, that email address also is set as login.
It has technically no downside, you just can’t see the mail adress in the interface in the list. (this shouldn’t be a problem though).

If you open or edit an existing, affected users, you should see the email address, too.

You’re right, the user itself looks good. So the mail issue is the User list, where you only see the cryptic Login Guid, but not the email address. Or is there a solution to modify the visible fields in the user list?

You cannot adjust the view of this listing. If you search for the users email address, Zammad still will filter the user affected.

I honestly don‘t understand why this seems to be such a big problem.

Well, it became an issue as everybody who sends an email to an ovserved mailbox is created as user and everybody who tries to login is also created. There is no option to check if the user already exists or if the domain matches with an active Organization. That can cause a lot of users, spam senders etc. to get accounts on the zammad instance.