...
That’s an important observation: The IDPEmail
attribute is an identifier, and moreover, it is actually used by the Office 365 application for access control. That leads directly to our next observation.
Tip | ||
---|---|---|
| ||
All user identifiers must be scope-checked by the relying party. |