Applicable to:
- Twingate Component: Identity Provider - Microsoft (social) via an Entra ID account
Overview
Entra ID allows accounts to be configured without an associated email address. As such, an admin or service account may not have an email inbox, but it may have the username in UPN format (user@domain.tld).
An email address is required for all social logins, including Microsoft. However, email is not required when logging in through the tenant’s configured Entra ID Identity Provider (IdP).
This may lead to confusion, as it can appear that the user has an email address when, in reality, the Email attribute is not populated in Entra ID. Since Twingate requires this attribute for Microsoft social logins, the login attempt fails.
Symptoms
- Attempting to sign in via Microsoft social login with an account within Entra ID.
- The error "There is no matching user in this tenant" is returned unexpectedly.
Troubleshooting
- For Twingate Admins: Ensure the user has been invited to the Twingate network.
- For Twingate Users:
  - Verify that you are attempting to sign in to the correct Twingate network (https://<my_tenant>.twingate.com).
  - Ensure the email address used for login matches the one registered with Twingate.
Resolution
The email address associated with the invited Twingate account must be set in the Mail attribute within Entra ID. If missing, an administrator must update the attribute to allow authentication via Microsoft social login.
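To find affected accounts before users hit the error, an administrator can compare the invited addresses with the mail property of each Entra ID user. The script below is an added example, not Twingate or Microsoft code: it assumes a user export shaped like a Microsoft Graph `GET /users?$select=displayName,userPrincipalName,mail` response and a list of invited addresses, both constructed here, and the status names are hypothetical.

```python
import json

# Constructed sample shaped like a Microsoft Graph response to
# GET /users?$select=displayName,userPrincipalName,mail (not real data).
SAMPLE_GRAPH_RESPONSE = json.loads("""
{"value": [
  {"displayName": "Alice Admin", "userPrincipalName": "alice@example.com", "mail": null},
  {"displayName": "Bob Builder", "userPrincipalName": "bob@example.com", "mail": "bob@example.com"},
  {"displayName": "Svc Backup", "userPrincipalName": "svc-backup@example.com", "mail": "backup-alerts@example.com"}
]}
""")

# Constructed list of addresses invited to the Twingate network.
SAMPLE_INVITED = ["Alice@example.com", "bob@example.com",
                  "svc-backup@example.com", "carol@example.com"]


def audit_invited_users(invited_emails, graph_response):
    """Return {invited_email: status} using hypothetical status names:
    ok            - some Entra ID user has this address in mail
    mail_missing  - address matches a UPN, but that user's mail is empty
    mail_mismatch - address matches a UPN, but mail holds another address
    not_found     - no UPN or mail value matches the address
    """
    mail_by_upn = {}
    known_mail = set()
    for user in graph_response.get("value", []):
        upn = (user.get("userPrincipalName") or "").strip().lower()
        mail = (user.get("mail") or "").strip().lower()  # JSON null -> ""
        if upn:
            mail_by_upn[upn] = mail
        if mail:
            known_mail.add(mail)

    results = {}
    for invited in invited_emails:
        key = invited.strip().lower()  # compare case-insensitively
        if key in known_mail:
            results[invited] = "ok"
        elif key in mail_by_upn:
            results[invited] = "mail_mismatch" if mail_by_upn[key] else "mail_missing"
        else:
            results[invited] = "not_found"
    return results


if __name__ == "__main__":
    for email, status in audit_invited_users(SAMPLE_INVITED, SAMPLE_GRAPH_RESPONSE).items():
        print(f"{email}: {status}")
```

Accounts reported as `mail_missing` are the case this article describes: the UPN looks like an email address, but the mail attribute is not populated.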