Cannot turn email-field off from user field mappings

[kkiiskin]

Hi

we need NOT to bring emailaddress to users from Azure AD, but seems you can't turn it off anymore

Sometimes userdata is brought form other sources as well as Azure AD and there is need to configure the fields accordingly.

[mmulrthelp]

@kkiiskin have you tried setting the lock value for email to Locked ?

Regards, Ray Reid.

[weilai-irl]

Hi @kkiiskin,

I confirm this change was made on purpose.

The issue this change tried to solve is, if the email address profile field is not mapped, new account being created in either user sync or initial login would have empty email address initially. Even if the user tries to update email after the account is created, Moodle requires a validation step which involves sending an email to the previous email address, which is empty, so this will never be delivered. Effectively this means that only site admins can update the email profile field for the user.

In most cases, the Moodle email address profile field should match either the UPN or the email field of Microsoft 365 profile, therefore this change was made. Through my discussions with a few of our clients who use the integration, this change reduces confusion for them.

I understand there might be exceptional cases. Without reverting this change, could you confirm if setting the "Update local (Email address)" setting to the option "On creation" would solve this issue? This will effectively mean that the email profile field will not be updated on user login or user sync scheduled task run. I assume Moodle accounts would be created separately (i.e. not by initial login using Microsoft 365 account) in this case.

Regards, Lai

[kkiiskin]

Hi @weilai-irl

it did solve the issue, thank you. And you are right, in this case the Moodle accounts are created and updated from on-premises AD, just the authentication is done against Azure AD.