How can we help?

Combining email aliases using Merge Users

Uri Hershkovitz
Uri Hershkovitz
  • Updated


Torii identifies users through their unique email addresses. Whenever a new email address is detected from an app or any other source, Torii generates a new user. This process ensures comprehensive tracking of app activities, aiding in cost-saving measures by uncovering instances where an individual has multiple user accounts for the same app.

People may have multiple emails associated with them across different systems due to various reasons (such as name change, domain change, emails used across different regions, among others).

For this reason, Torii’s Merge Users feature will automatically detect multiple email aliases for a single employee, providing IT the option to merge aliases with a single click of a button. By merging aliases, Torii provides a complete picture of each user’s apps, licenses, costs and more, as well as supporting automating actions across all users a person has.

The Merge Users feature currently supports merging users based on data coming in from an IDP source. You can choose to either:

  • Merge users based on these fields in Azure Active Directory:
    • “proxyAddresses”
      • You can find this field in the Microsoft 365 admin center under UsersActive usersManage username and email
    • “Other emails”
      • You can find this field in your Azure portal User management section under AllUsers → choose a user -> Edit properties -> Contact Information

  • Merge users based on the “Emails” field in Google Workspace, which takes data from these fields in the Google Workspace UI:
    • “Contact information”
    • “Alternate email addresses (email alias)”
      • You can find these fields in the Google admin center under  Users -> choose a user -> User information

Notes on updating your IDP Fields

  • Each field has different specifications regarding which email addresses it can support:
IDP Email Field Supported domains Additional notes
Azure “proxyAddresses” Managed domains only The user you want to add an alias to must have an Exchange Online license. Read Microsoft’s help article on this here
Azure “Other emails” Any email address  
Google “Alternate email addresses (email alias)” Managed domains only You cannot add an email that belongs to a user in a managed domain as an alias to another user
Google “Contact information” Non-managed domains only  


Configuring the Merge Users feature

To activate the merge users feature, navigate to the SettingsUsers & Employees tab. Then, click on the “Configure Merge” button under the “Merge Users” section, and follow the instructions to set up the Merge Users feature. This should only take a few moments.

Screenshot 2024-03-10 at 11.59.50.png

Screenshot 2024-03-10 at 12.01.13.png

We highly recommend you select the “Email full changes report” and review the data before turning this feature on. In case of data discrepancy, please verify that user aliases configured in your IDP of choice are set up correctly. but don’t worry, this feature is completely reversible with no loss of data, should you choose to do so.

After configuring the Merge Users feature, you will be able to edit the merge configuration and/or revoke the merge from the SettingsUsers & Employees tab. Selecting either option will reopen the wizard and inform you of the expected changes.


Where will I feel the effects of this feature?

Changes to the UI

Once Merge Users has been configured (and after a short sync), you will notice changes in Torii due to all “users” for a person being consolidated:

  • User numbers will be updated to reflect the new user count in Torii.
  • You will only be able to see the merged users in Torii - the individual users who comprise them have become their additional emails. You can still search for specific emails - they will lead you to the new merged user.
  • App owners & other fields which point to a specific user (contract owner, workflow created by, etc.) will all be updated to reflect the relevant merged users.
  • Annual cost & number of apps for each user will now be calculated based on all the users merged together for each person.
  • The app catalog will display all apps a person has access to, from all their users combined.
  • A new “email” column will be added in several areas on the UI to help explain to which of the user’s email the data is referring to. For example, when looking at unused licenses, you will still see who the user is, but you will also see which of their emails is associated with the unused license. This feature will help you take action on the correct emails within the apps and to differentiate in cases where a user has multiple emails in use for that app.

Changes to workflows and actions

For the most part, workflows and actions will continue to operate with no changes.

There are some exceptions:

  • Actions which contact a user (such as sending an email, or via Slack) will always first attempt to contact the user’s primary email, regardless of which of their emails triggered the workflow.
  • Actions which link a user to a ticket (such as Create Jira Cloud issue) will always first attempt to contact the user’s primary email, regardless of which of their emails triggered the workflow. If that email is not associated with the relevant software, Torii will find the email which is, and put it in the relevant field(s).

Changes to offboarding

With Merge Users feature turned on, when you begin offboarding for a user, all emails and app accounts associated with that user will be deprovisioned as per the offboarding settings you’ve defined in Torii.

The merged user’s status will be set based on the status of the user who was previously associated with the primary email of the merged user.

Here’s an example - let’s say we merge these users together: (current), and (past).

  • If is the primary email for the merged user, then the merged user will be a current user.
  • If is the primary email for the merged user, then the merged user will be a past user.

What about users in the process of being offboarded?

  • User (and all their email aliases) will begin or stop offboarding together. A change in the status of the user’s primary email will apply to all other email aliases.

Changes to Torii Login

If a person had multiple users in Torii prior to enabling the Merge users feature, these will now be consolidated into one user. As a security precaution, we only allow one email and password combination to be valid per user. For your employees, this will be the password associated with their primary email address - please ask them to log in to Torii using that information.

In case a person has multiple Torii admin users in the system, the permission set associated with their primary email address will be retained when merging users.

Changes to Discovery

Torii’s browser extension does not currently support discovery for email aliases. If you are using the extension in authenticated mode, and an employee has the extension installed for more than one email, only data from the primary email will be collected.

Important notes

  • As a precaution in cases where merging users may lead to an incorrect state in Torii, we have elected not to merge specific users in the following cases:
    • Employees (as defined by the employee SOT configuration) can’t be merged into other users. This is relevant for cases such as where a person’s email becomes their superior’s alias when they are terminated.
    • If a user is an alias to multiple other users, they will not be merged. This is to prevent merging the wrong users together.
    • A user with aliases of their own cannot be merged into another user. This is to prevent cases where a user is an alias of an alias, and similar situations where the logic may break.


Q: Why are some of my email aliases not appearing under my user's additional emails?

A: Under "additional emails", Torii shows all emails for which both of the following are true:

  • The email is defined as an alias for your primary email address in your IDP
  • The email was discovered from an integration or one of Torii's other discovery sources at least once. (i.e. if your personal email is set as an alias in Google, but you aren't using it in any work-related app, it will not have been discovered by Torii and shown in this field). 


Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request