ZITADEL•3mo ago

Account linking failed in invite flow with idp

Version: Zitadel Cloud 4.3.3
Login v2

Steps:

Setup OIDC provider
Create user and send invite
Click on link identity provider in invite screen
Login to idp (auth0) and redirect
Error is shown in Zitadel

The emails in Zitadel and auth0 are different.
Did I setup something wrong?

Bildschirmfoto_2025-10-13_um_10.41.18.png

Bildschirmfoto_2025-10-13_um_10.36.33.png

Bildschirmfoto_2025-10-13_um_10.30.19.png

Ask Inkeep•10/13/25, 8:44 AM

Hi @Jan, I'm an AI assistant for ZITADEL. While a team member reviews this question, I'll see if I can find relevant sources for your question.

Ask Inkeep•10/13/25, 8:44 AM

Answer

I wasn't able to find a direct answer, here are some relevant sources:

Let Users Login with Preferred Identity Provider : This explains the automatic linking options and account linking configurations that control when existing ZITADEL accounts can be linked with external IdP identities.
Add Generic OIDC Identity Provider : Documents the API for configuring OIDC providers with auto-linking options including AUTO_LINKING_OPTION_EMAILAUTO_LINKING_OPTION_EMAIL which may be relevant to your email matching issue.

Ask Inkeep•10/13/25, 8:44 AM

Feel free to tag @Ask Inkeep with additional questions.

JanOP•10/13/25, 9:37 AM

I tested different variations in the ipd settings.
Seems to be related to: https://github.com/zitadel/zitadel/issues/10589

Bildschirmfoto_2025-10-13_um_11.04.56.png

GitHub

[Bug]: Generic OAuth IdP registration fails because IdP intent does...

Preflight Checklist I could not find a solution in the documentation, the existing issues or discussions I have joined the ZITADEL chat Environment Self-hosted Version v4.0.2 Database PostgreSQL Da...

AAsk Inkeep Empty message

Ask InkeepAPP•10/13/25, 12:36 PM

Got it. Tagging @Rajat for additional help.

JanOP•10/13/25, 12:38 PM

Also fails with microsoft idp.
The insecure Microsoft login + autolinking works.
Invite flow with microsoft ipd fails too with: AddIDPLinkRequest.UserId: value length must be between 1 and 200 runes, inclusive

Rajat•10/14/25, 2:09 PM

hey @Jan I will take a look at it, thanks for reporting.

JanOP•10/14/25, 2:10 PM

You're welcome, I also opened an issue https://github.com/zitadel/zitadel/issues/10902

GitHub

[Bug]: Invite flow fails with generic oidc or microsoft provider ·...

Preflight Checklist I could not find a solution in the documentation, the existing issues or discussions I have joined the ZITADEL chat Environment ZITADEL Cloud Version 4.3.3 Database None Databas...

JJan You're welcome, I also opened an issue https://github.com/zitadel/zitadel/issues...

Rajat•10/14/25, 2:14 PM

thanks a lot Jan, this is the best way to get it addressed super quickly!.

Gigi the Giraffe (Zitadel)•10/14/25, 2:14 PM

Looks like you just helped out another community member! Thanks for being so helpful @1346540274674827395! You're now one step closer to leveling up—keep up the amazing peer support!