We are in the analysis phase of our project and we were thinking of implementing Power Pages for a B2C portal. Our client is an outsourcing company and its client is a bank. So those who will need access to the portal are the bank customers, to request some services from the bank.
The portal will be owned by the outsourcing company tenant.
The Active Directory where the customers will be located is the bank's AD.
The bank customers have duplicated e-mails. This means more than one contact will have the same e-mail.
The Power Pages site will be called by another website. This site will send us a token containing the bank customer information, because it has been requested that SSO be implemented. The bank customer shouldn't have to log in again in our portal if this was previously done on the website.
Reading the documentation from Microsoft, the username from the contact is used to identify the contact record that is logging in to the portal. But I also read this in the OpenID FAQs:
Does portals require any specific claim in an ID token?
In addition to all required claims, the portals feature requires a claim representing the email address of users in the ID token. This claim must be named email, emails, or upn.
Apart from all the required claims, portals requires a claim representing email address of the users in the id_token. This claim must be named as either “email”, “emails” or “upn”.
These claims are processed in the following order of priority to set as the Primary Email Address of the contact record in Dataverse:
When in use, "emailclaimsmapping" is also used to search for an existing contact (Primary Email Address field in Dataverse).
So my main concern is: if we avoid using the email claims in the token and instead add the claim that is used to map the username of the contact table, would it be possible to get the SSO requested by the bank working for our portal, or not?
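To make the concern concrete, here is an added example (not code from the post, from Microsoft, or from Power Pages itself) that simulates what happens when an incoming ID token is resolved against a contact table in which several contacts share one e-mail. It verifies the token signature before trusting any claim, picks the e-mail claim in an assumed priority order (email, then emails, then upn; the post quotes the documentation's list but not its actual priority order, so that order is an assumption here), and then shows that a lookup by e-mail is ambiguous for duplicated addresses while a lookup by a unique identifier is not. The contact records, the HS256 shared secret and the resolution logic are all constructed for the example; the column names emailaddress1 and adx_identity_username follow the standard Dataverse contact schema, but the matching rules are the example's own, not Power Pages' real lookup.

```python
import base64
import hashlib
import hmac
import json

# Constructed shared secret for the demo. A real OIDC identity provider signs the
# id_token with an asymmetric key (RS256) and you verify against its JWKS; HS256 is
# used here only so the example runs offline with the standard library.
DEMO_SECRET = b"demo-shared-secret-not-for-production"

# Assumed priority order for the e-mail claim (the post lists these names without
# the exact order, so this is the example's assumption).
EMAIL_CLAIM_PRIORITY = ("email", "emails", "upn")

# Constructed contact table: two bank customers share one e-mail, as described in the post.
CONTACTS = [
    {"contactid": "c-001", "emailaddress1": "shared@example.com", "adx_identity_username": "sub-1111"},
    {"contactid": "c-002", "emailaddress1": "shared@example.com", "adx_identity_username": "sub-2222"},
    {"contactid": "c-003", "emailaddress1": "unique@example.com", "adx_identity_username": "sub-3333"},
]


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_id_token(claims: dict, secret: bytes = DEMO_SECRET) -> str:
    """Build a compact HS256 JWT from a claims dict (demo issuer side)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_id_token(token: str, secret: bytes = DEMO_SECRET) -> dict:
    """Check the signature and return the claims; raise ValueError on any problem."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")  # never let the token choose 'none' or another alg
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(payload_b64))


def is_valid_token(token: str) -> bool:
    try:
        verify_id_token(token)
        return True
    except ValueError:
        return False


def pick_email_claim(claims: dict):
    """Return (claim_name, address) for the first present e-mail claim, or (None, None)."""
    for name in EMAIL_CLAIM_PRIORITY:
        value = claims.get(name)
        if isinstance(value, list):          # 'emails' is often an array claim
            value = value[0] if value else None
        if value:
            return name, value
    return None, None


def find_contacts_by_email(email: str, contacts=CONTACTS) -> list:
    return [c for c in contacts if c["emailaddress1"].lower() == email.lower()]


def find_contacts_by_username(username: str, contacts=CONTACTS) -> list:
    return [c for c in contacts if c["adx_identity_username"] == username]


def resolve_contact(claims: dict) -> dict:
    """Toy resolution: unique subject identifier first, then e-mail; flags ambiguous matches."""
    subject = claims.get("sub")
    by_user = find_contacts_by_username(subject) if subject else []
    if len(by_user) == 1:
        return {"status": "matched", "via": "username", "contactid": by_user[0]["contactid"]}
    name, email = pick_email_claim(claims)
    if email:
        by_email = find_contacts_by_email(email)
        if len(by_email) == 1:
            return {"status": "matched", "via": name, "contactid": by_email[0]["contactid"]}
        if len(by_email) > 1:
            return {"status": "ambiguous", "via": name,
                    "candidates": [c["contactid"] for c in by_email]}
    return {"status": "no-match"}


if __name__ == "__main__":
    token = make_id_token({"sub": "sub-2222", "email": "shared@example.com"})
    claims = verify_id_token(token)
    print(resolve_contact({"email": claims["email"]}))   # ambiguous: two contacts share the address
    print(resolve_contact(claims))                        # matched via the unique sub claim
```

The point the simulation makes is that an e-mail-based match cannot distinguish the two contacts that share shared@example.com, whereas a stable per-user identifier carried in the token resolves to exactly one record; whichever claim mapping is finally used, the signature check comes first, because the portal is trusting the calling site's token to identify a bank customer.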