User ID Used in Token with Linked Accounts

Account Linking
Sep 10, 2025
Overview

This article explains which user-id will be used in the token generated by Auth0 when a user has two linked accounts in the User Database in Auth0 under the following circumstances:

  • The primary account has an enterprise connection with Azure AD.
  • The secondary account uses the same email but a different user-id.
  • They are linked using the account-link-extension.
Applies To
  • Account linking
  • user-id
Solution
After both identities are linked into one, the user_id of the primary identity provider will be in the access_token.
 

NOTE:

  • The user_id and all other main profile properties continue to be those of the primary identity.

  • The first identity in the user.identities array is the primary identity.

  • The secondary account is now embedded in the user.identities array of the primary profile.

  • The attributes of the secondary account are placed inside the profileData field of the corresponding identity inside the array.

  • The user_metadata and app_metadata of the primary account has not changed.

  • The user_metadata and app_metadata of the secondary account are discarded.

  • There is no automatic merging of user profiles with associated identities.

  • The secondary account is removed from the user's list.

  • If the primary account is deleted, the secondary account is deleted as well.

Related References

Recommended content

No recommended content found...
Need more help? Visit the Community
Visit the Auth0 Community