From 930b1aaa749fc671d05b694692e8d1899017669a Mon Sep 17 00:00:00 2001
From: Vishal Dalwadi <51291657+VishalDalwadi@users.noreply.github.com>
Date: Wed, 18 Mar 2026 17:56:01 +0530
Subject: [PATCH] fix(go): use upn for pending user azure-ad; (#3924)

---
 pro/auth/azure-ad.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/pro/auth/azure-ad.go b/pro/auth/azure-ad.go
index 2a546685..428e3fa6 100644
--- a/pro/auth/azure-ad.go
+++ b/pro/auth/azure-ad.go
@@ -85,7 +85,7 @@ func handleAzureCallback(w http.ResponseWriter, r *http.Request) {
 		inviteExists = true
 	}
 	// check if user approval is already pending
-	if !inviteExists && logic.IsPendingUser(content.Email) {
+	if !inviteExists && (logic.IsPendingUser(content.Email) || logic.IsPendingUser(content.UserPrincipalName)) {
 		handleOauthUserSignUpApprovalPending(w)
 		return
 	}
@@ -107,6 +107,7 @@ func handleAzureCallback(w http.ResponseWriter, r *http.Request) {
 					return
 				}
 				logic.DeleteUserInvite(content.Email)
+				logic.DeletePendingUser(content.UserPrincipalName)
 				logic.DeletePendingUser(content.Email)
 			} else {
 				if !isEmailAllowed(content.Email) {
@@ -114,7 +115,7 @@ func handleAzureCallback(w http.ResponseWriter, r *http.Request) {
 					return
 				}
 				err = logic.InsertPendingUser(&models.User{
-					UserName:                   content.Email,
+					UserName:                   content.UserPrincipalName,
 					ExternalIdentityProviderID: string(content.ID),
 					AuthType:                   models.OAuth,
 				})