Feature request: Allow Syncing of Unverified Emails from Enterprise SSO
What problem did you meet?
Logto's Enterprise SSO connector needs a user's email to be marked as verified by the company's login system. This can be a problem with some systems, like OneLogin, that don't include this verification by default (see OneLogin documentation). Because of this, Logto won't save a user's email, even if it's correct. This makes it challenging to use Logto as a central place to manage user information.
Describe what you'd like Logto to have
Add an option in the Enterprise SSO connector settings to ignore the email_verified check. When this option is on, Logto will always sync the email address from the IdP.
This would give more flexibility for enterprise environments where a third party often manages the IdP (usually the customer's IT department).
Thanks for your feedback. This feature request has been added to our roadmap. We plan to add a toggle for OIDC connectors so developers can choose whether to sync unverified email addresses from enterprise identity providers.
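
The behaviour discussed in this thread, sketched as an added example (not Logto's code and not from either participant): a claim-mapping function that drops an unverified email by default and syncs it only when a connector toggle is on. The names `mapSsoClaims`, `isEmailVerified`, and `syncUnverifiedEmail` are hypothetical, and the sample claims are constructed.

```typescript
// Added example, not Logto source. All type and function names are hypothetical.

type IdTokenClaims = {
  sub: string;
  email?: unknown;
  email_verified?: unknown;
};

type ConnectorOptions = {
  // Hypothetical toggle corresponding to the option requested in the issue.
  syncUnverifiedEmail: boolean;
};

type SyncedProfile = {
  id: string;
  email?: string;
  // Recorded separately so code that relies on a verified address can still check it.
  emailVerified: boolean;
};

// Some IdPs send the claim as the string "true"; an absent claim counts as unverified.
function isEmailVerified(claim: unknown): boolean {
  return claim === true || claim === 'true';
}

function mapSsoClaims(claims: IdTokenClaims, options: ConnectorOptions): SyncedProfile {
  const emailVerified = isEmailVerified(claims.email_verified);
  const email =
    typeof claims.email === 'string' && claims.email.trim() !== ''
      ? claims.email.trim()
      : undefined;

  // Default behaviour described in the issue: an unverified email is not saved.
  if (email === undefined || (!emailVerified && !options.syncUnverifiedEmail)) {
    return { id: claims.sub, emailVerified: false };
  }
  // Toggle on (or claim verified): sync the email, but keep the real verification state.
  return { id: claims.sub, email, emailVerified };
}

// Constructed sample: an ID token payload that carries no email_verified claim.
const sampleClaims: IdTokenClaims = { sub: 'idp-user-1', email: 'alice@example.com' };
const strictResult = mapSsoClaims(sampleClaims, { syncUnverifiedEmail: false });
const relaxedResult = mapSsoClaims(sampleClaims, { syncUnverifiedEmail: true });
```

With the toggle on, the email is stored while `emailVerified` stays `false`, so the synced address is not silently promoted to a verified one.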