Why is the email address checked in SAML authentication?

Continuing the discussion from Migration to SAML authentication:

Why is the email address checked during login?
I have a local administrator (no SAML!) which I would like to configure with my personal email address.
The same email address is configured in my personal AD account.
If I have configured both SQ users with the same email address, I cannot log in anymore with SAML, and I get the following error message:

This account is already associated with another authentication method.
Sign in using the current authentication method,
or contact your administrator to transfer your account to a different authentication method.

This is confusing because the configured identity is the domain user name (onpremisessamaccountname).

This applies to SQ version 9.9 and 10.0.


In fact, this applies much farther back than that. I’m not finding it in the docs (and I plan to raise that internally) but IIRC, we insist on email unicity because it does / can come into play for issue assignment.


Users should be assigned, not email addresses.
As explained, there are two users with the same address: it is me in two different roles, user and (local) administrator.


I’ve confirmed internally that the email unicity requirement is because we use it in issue assignment. Perhaps your email admin can give you an alias?


Perhaps you can assign users, and send information on user’s email address.