I have enabled the OIDC auth backend in my Vault instance using GSuite as my identity provider.

AFAIK, when a new user logs in, an entity is created, and Vault creates a UUID to be assigned to the newly created entity.

Is there a way to replace (or add to) the UUID with the user's email from the IdP?
Edit 1: I am currently using user_claim = "sub" in the configuration of the default OIDC role, but when running vault read -format=json identity/entity/id list=true I don't see any user emails in the entities related to the
Edit 2: I have tried with user_claim = "email", but now the login fails with:

claim "email" not found in token
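The error quoted in the question comes from a claim lookup that is easy to reproduce offline. The following is an added example, not Vault's code and not from the poster: it mimics only the step Vault's OIDC auth method performs after verifying the ID token, taking the claim named by the role's user_claim as the entity alias name. The tokens are constructed locally and unsigned (alg=none) so the script runs without a provider; real Google ID tokens are RS256-signed and Vault checks the signature against the provider's JWKS before this lookup, which the example deliberately skips. All claim values and the client ID are made up. The two payloads reflect a fact about Google's OpenID Connect provider: email, email_verified and hd are only put in the ID token when the email scope was requested.

```python
"""Reproduce Vault's user_claim lookup against constructed Google ID tokens.

Added example, not Vault's code. It mimics only the claim lookup Vault's OIDC
auth method performs after it has verified the ID token: the value of the
claim named by the role's user_claim becomes the entity alias name.
Signature verification is deliberately skipped; the tokens are constructed
here and unsigned, so nothing in this file should be used to trust a real
token.
"""
import base64
import json


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def make_unsigned_token(claims: dict) -> str:
    """Build an unsigned JWT (alg=none) carrying the given claims.

    Constructed for the example only; Google's real tokens are RS256-signed."""
    header = b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}."


def jwt_claims(token: str) -> dict:
    """Decode the payload segment of a JWT without verifying it."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWS compact serialization")
    return json.loads(b64url_decode(parts[1]))


def resolve_alias_name(token: str, user_claim: str) -> str:
    """Return the alias name Vault would derive for this role's user_claim.

    Raises with the same wording as the login error quoted in the post when
    the claim is absent from the token."""
    claims = jwt_claims(token)
    if user_claim not in claims:
        raise LookupError(f'claim "{user_claim}" not found in token')
    return str(claims[user_claim])


def missing_claims(token: str, wanted: tuple) -> list:
    """List which of the candidate alias-name claims the token lacks."""
    claims = jwt_claims(token)
    return [c for c in wanted if c not in claims]


# Constructed payloads modelled on the shape of a Google ID token; every
# value below is fake. Google adds email/email_verified/hd only when the
# "email" scope was requested, which is what the second payload represents.
BASE_CLAIMS = {
    "iss": "https://accounts.google.com",
    "aud": "example-client-id.apps.googleusercontent.com",
    "sub": "110169484474386276334",
    "iat": 1700000000,
    "exp": 1700003600,
}
TOKEN_OPENID_ONLY = make_unsigned_token(BASE_CLAIMS)
TOKEN_WITH_EMAIL = make_unsigned_token({
    **BASE_CLAIMS,
    "email": "alice@example.com",
    "email_verified": True,
    "hd": "example.com",
})

if __name__ == "__main__":
    # user_claim = "sub" works against either token ...
    print(resolve_alias_name(TOKEN_OPENID_ONLY, "sub"))
    # ... but user_claim = "email" fails when the scope was never requested.
    try:
        resolve_alias_name(TOKEN_OPENID_ONLY, "email")
    except LookupError as err:
        print("login would fail:", err)
    print(resolve_alias_name(TOKEN_WITH_EMAIL, "email"))
    print(missing_claims(TOKEN_OPENID_ONLY, ("email", "hd")))
```

Running the script shows the same failure mode as Edit 2: with only the openid scope the token has a sub but no email, so an email user_claim has nothing to bind to, while the token issued with the email scope resolves to alice@example.com. Which scopes Vault requests is set per role through the oidc_scopes parameter of the OIDC auth method (openid is always included), so the claim named in user_claim has to be one the requested scopes actually put into the ID token. The entity's UUID itself is not affected by any of this; the claim value lands in the entity alias name.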