diff --git a/src/OrchardCore.Modules/OrchardCore.Users/Controllers/AccountController.cs b/src/OrchardCore.Modules/OrchardCore.Users/Controllers/AccountController.cs
index 2beb653a08f..e19628fd5a3 100644
--- a/src/OrchardCore.Modules/OrchardCore.Users/Controllers/AccountController.cs
+++ b/src/OrchardCore.Modules/OrchardCore.Users/Controllers/AccountController.cs
@@ -2,6 +2,9 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Security.Claims;
+using System.Text.Json;
+using System.Text.Json.Nodes;
+using System.Text.Json.Settings;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authorization;
@@ -12,6 +15,8 @@
 using Microsoft.Extensions.Caching.Distributed;
 using Microsoft.Extensions.Localization;
 using Microsoft.Extensions.Logging;
+using Microsoft.IdentityModel.Tokens;
+using OrchardCore.ContentManagement;
 using OrchardCore.DisplayManagement;
 using OrchardCore.DisplayManagement.ModelBinding;
 using OrchardCore.DisplayManagement.Notify;
@@ -48,6 +53,12 @@ public class AccountController : AccountBaseController
         private readonly IDistributedCache _distributedCache;
         private readonly IEnumerable<IExternalLoginEventHandler> _externalLoginHandlers;
 
+        private static readonly JsonMergeSettings _jsonMergeSettings = new()
+        {
+            MergeArrayHandling = MergeArrayHandling.Replace,
+            MergeNullValueHandling = MergeNullValueHandling.Merge
+        };
+
         protected readonly IHtmlLocalizer H;
         protected readonly IStringLocalizer S;
 
@@ -300,24 +311,31 @@ public IActionResult ExternalLogin(string provider, string returnUrl = null)
 
         private async Task<SignInResult> ExternalLoginSignInAsync(IUser user, ExternalLoginInfo info)
         {
-            var claims = info.Principal.GetSerializableClaims();
+            var externalClaims = info.Principal.GetSerializableClaims();
             var userRoles = await _userManager.GetRolesAsync(user);
-            var context = new UpdateRolesContext(user, info.LoginProvider, claims, userRoles);
+            var userInfo = user as User;
 
+            var context = new UpdateUserContext(user, info.LoginProvider, externalClaims, userInfo.Properties)
+            { 
+                UserClaims = userInfo.UserClaims,
+                UserRoles = userRoles,
+            };
             foreach (var item in _externalLoginHandlers)
             {
                 try
                 {
-                    await item.UpdateRoles(context);
+                    await item.UpdateUserAsync(context);
                 }
                 catch (Exception ex)
                 {
-                    _logger.LogError(ex, "{ExternalLoginHandler}.UpdateRoles threw an exception", item.GetType());
+                    _logger.LogError(ex, "{ExternalLoginHandler}.UpdateUserAsync threw an exception", item.GetType());
                 }
             }
 
-            await _userManager.AddToRolesAsync(user, context.RolesToAdd.Distinct());
-            await _userManager.RemoveFromRolesAsync(user, context.RolesToRemove.Distinct());
+            if (await UpdateUserPropertiesAsync(_userManager, userInfo, context))
+            {
+                await _userManager.UpdateAsync(user);
+            }
 
             var result = await _signInManager.ExternalLoginSignInAsync(info.LoginProvider, info.ProviderKey, isPersistent: false, bypassTwoFactor: true);
 
@@ -779,6 +797,61 @@ public async Task<IActionResult> RemoveLogin(RemoveLoginViewModel model)
             return RedirectToAction(nameof(ExternalLogins));
         }
 
+        public static async Task<bool> UpdateUserPropertiesAsync(UserManager<IUser> userManager, User user, UpdateUserContext context)
+        {
+            await userManager.AddToRolesAsync(user, context.RolesToAdd.Distinct());
+            await userManager.RemoveFromRolesAsync(user, context.RolesToRemove.Distinct());
+
+            var userNeedUpdate = false;
+            if (context.PropertiesToUpdate != null)
+            {
+                var currentProperties = user.Properties.DeepClone();
+                user.Properties.Merge(context.PropertiesToUpdate, _jsonMergeSettings);
+                userNeedUpdate = !JsonNode.DeepEquals(currentProperties, user.Properties);
+            }
+
+            var currentClaims = user.UserClaims.
+            Where(x => !x.ClaimType.IsNullOrEmpty()).
+            DistinctBy(x => new { x.ClaimType, x.ClaimValue }).
+            ToList();
+
+            var claimsChanged = false;
+            if (context.ClaimsToRemove != null)
+            {
+                var claimsToRemove = context.ClaimsToRemove.ToHashSet();
+                foreach (var item in claimsToRemove)
+                {
+                    var exists = currentClaims.FirstOrDefault(claim => claim.ClaimType == item.ClaimType && claim.ClaimValue == item.ClaimValue);
+                    if (exists is not null)
+                    {
+                        currentClaims.Remove(exists);
+                        claimsChanged = true;
+                    }
+                }
+            }
+
+            if (context.ClaimsToUpdate != null)
+            {
+                foreach (var item in context.ClaimsToUpdate)
+                {
+                    var existing = currentClaims.FirstOrDefault(claim => claim.ClaimType == item.ClaimType && claim.ClaimValue == item.ClaimValue);
+                    if (existing is null)
+                    {
+                        currentClaims.Add(item);
+                        claimsChanged = true;
+                    }
+                }
+            }
+
+            if (claimsChanged)
+            {
+                user.UserClaims = currentClaims;
+                userNeedUpdate = true;
+            }
+
+            return userNeedUpdate;
+        }
+
         private async Task<string> GenerateUsernameAsync(ExternalLoginInfo info)
         {
             var ret = string.Concat("u", IdGenerator.GenerateId());
diff --git a/src/OrchardCore.Modules/OrchardCore.Users/Handlers/ScriptExternalLoginEventHandler.cs b/src/OrchardCore.Modules/OrchardCore.Users/Handlers/ScriptExternalLoginEventHandler.cs
index 14a3cdf45f2..96d49701be7 100644
--- a/src/OrchardCore.Modules/OrchardCore.Users/Handlers/ScriptExternalLoginEventHandler.cs
+++ b/src/OrchardCore.Modules/OrchardCore.Users/Handlers/ScriptExternalLoginEventHandler.cs
@@ -1,6 +1,8 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Text.Json;
+using System.Text.Json.Nodes;
+using System.Text.Json.Settings;
 using System.Threading.Tasks;
 using Microsoft.Extensions.Logging;
 using OrchardCore.Scripting;
@@ -14,6 +16,11 @@ public class ScriptExternalLoginEventHandler : IExternalLoginEventHandler
         private readonly ILogger _logger;
         private readonly IScriptingManager _scriptingManager;
         private readonly ISiteService _siteService;
+        private static readonly JsonMergeSettings _jsonMergeSettings = new JsonMergeSettings
+        {
+            MergeArrayHandling = MergeArrayHandling.Union,
+            MergeNullValueHandling = MergeNullValueHandling.Merge
+        };
 
         public ScriptExternalLoginEventHandler(
             ISiteService siteService,
@@ -45,15 +52,46 @@ public async Task<string> GenerateUserName(string provider, IEnumerable<Serializ
             return string.Empty;
         }
 
-        public async Task UpdateRoles(UpdateRolesContext context)
+        public async Task UpdateUserAsync(UpdateUserContext context)
         {
             var loginSettings = (await _siteService.GetSiteSettingsAsync()).As<LoginSettings>();
+            UpdateUserInternal(context, loginSettings);
+        }
+
+        public void UpdateUserInternal(UpdateUserContext context, LoginSettings loginSettings)
+        {
             if (loginSettings.UseScriptToSyncRoles)
             {
                 var script = $"js: function syncRoles(context) {{\n{loginSettings.SyncRolesScript}\n}}\nvar context={JConvert.SerializeObject(context, JOptions.CamelCase)};\nsyncRoles(context);\nreturn context;";
                 dynamic evaluationResult = _scriptingManager.Evaluate(script, null, null, null);
                 context.RolesToAdd.AddRange((evaluationResult.rolesToAdd as object[]).Select(i => i.ToString()));
                 context.RolesToRemove.AddRange((evaluationResult.rolesToRemove as object[]).Select(i => i.ToString()));
+
+                if (evaluationResult.claimsToUpdate is not null)
+                {
+                    var claimsToUpdate = ((JsonArray)JArray.FromObject(evaluationResult.claimsToUpdate)).Deserialize<List<UserClaim>>(JOptions.CamelCase);
+                    context.ClaimsToUpdate.AddRange(claimsToUpdate);
+                }
+
+                if (evaluationResult.claimsToRemove is not null)
+                {
+                    var claimsToRemove = ((JsonArray)JArray.FromObject(evaluationResult.claimsToRemove)).Deserialize<List<UserClaim>>(JOptions.CamelCase);
+                    context.ClaimsToRemove.AddRange(claimsToRemove);
+                }
+
+                if (evaluationResult.propertiesToUpdate is not null)
+                {
+                    var result = (JsonObject)JObject.FromObject(evaluationResult.propertiesToUpdate);
+                    if (context.PropertiesToUpdate is not null)
+                    {
+                        // Perhaps other provider will fill some values. we should keep exists value.
+                        context.PropertiesToUpdate.Merge(result, _jsonMergeSettings);
+                    }
+                    else
+                    {
+                        context.PropertiesToUpdate = result;
+                    }
+                }
             }
         }
     }
diff --git a/src/OrchardCore.Modules/OrchardCore.Users/Views/LoginSettings.Edit.cshtml b/src/OrchardCore.Modules/OrchardCore.Users/Views/LoginSettings.Edit.cshtml
index 4761a5a8b95..8b274cfbc9e 100644
--- a/src/OrchardCore.Modules/OrchardCore.Users/Views/LoginSettings.Edit.cshtml
+++ b/src/OrchardCore.Modules/OrchardCore.Users/Views/LoginSettings.Edit.cshtml
@@ -60,101 +60,152 @@
     <div class="form-check">
         <input type="checkbox" class="form-check-input" asp-for="UseScriptToSyncRoles" />
         <span asp-validation-for="UseScriptToSyncRoles"></span>
-        <label class="form-check-label" asp-for="UseScriptToSyncRoles">@T["Use a script to set user roles based on external provider claims"]</label>
+        <label class="form-check-label" asp-for="UseScriptToSyncRoles">@T["Use a script to set user roles, user claims and user properties based on external provider claims"]</label>
         <span class="hint dashed">@T["If selected, any IExternalLoginEventHandlers defined in modules are not triggered"]</span>
     </div>
-    <pre>
-*************************************************************************************************
-* context           : {user,loginProvider,claims[],currentRoles[],rolesToRemove[],rolesToAdd[]} *
-* ============================================================================================= *
-* -user             : {userName}                                                                *
-*  -userName        : String                                                                    *
-* -loginProvider    : String                                                                    *
-* -externalClaims   : [{subject,issuer,originalIssuer,properties[],type,value,valueType}]       *
-*  -subject         : String                                                                    *
-*  -issuer          : String                                                                    *
-*  -originalIssuer  : String                                                                    *
-*  -properties      : [{key,value}]                                                             *
-*   -key            : String                                                                    *
-*   -value          : String                                                                    *
-*  -type            : String                                                                    *
-*  -value           : String                                                                    *
-*  -valueType       : String                                                                    *
-* -rolesToAdd       : [String]                                                                  *
-* -rolesToRemove    : [String]                                                                  *
-* ============================================================================================= *
-*    Description                                                                                *
-* --------------------------------------------------------------------------------------------- *
-*    Use the loginProvider and externalClaims properties of the context variable to inspect     *
-*    who authenticated the user and with what claims. Check currentRoles property and apply     *
-*    your business logic to fill the rolesToAdd and rolesToRemove arrays in order to update     *
-*    the roles of the user                                                                      *
-*************************************************************************************************
-</pre>
+    <div class="mb-3" id="doc_editor" asp-for="Text" style="min-height: 500px;max-width:750px" class="form-control"></div>
 </div>
 
-<div class="mb-3" asp-validation-class-for="SyncRolesScript">
-    <button type="button" class="btn btn-secondary mb-2" onclick="resetScript(false)">@T["Reset Script"]</button>
-    <textarea asp-for="SyncRolesScript" rows="1" class="form-control content-preview-text"></textarea>
+<div class="mb-3" asp-validation-class-for="SyncRolesScript" id="SyncRolesScript_wrapper">
+    <button type="button" class="btn btn-secondary mb-2" onclick="resetScript()">@T["Reset Script"]</button>
+    <div class="mb-3" asp-validation-class-for="SyncRolesScript"
+         id="@Html.IdFor(x => x.SyncRolesScript)_editor" asp-for="Text" style="min-height: 400px;" class="form-control"></div>
+    <textarea asp-for="SyncRolesScript" hidden>@Html.Raw(Model.SyncRolesScript)</textarea>
 </div>
 
-<script at="Foot">
-    function resetScript(keepText) {
-        var editor = $('#@Html.IdFor(x => x.SyncRolesScript)').data('editor');
-        if (!keepText) {
-            editor.doc.setValue(
-                '/* Uncomment to map AzureAd\n' +
-                'switch (context.loginProvider) {\n' +
-                '    case "AzureAd":\n' +
-                '        context.externalClaims.forEach(claim => {\n' +
-                '            if (claim.type === "http://schemas.microsoft.com/ws/2008/06/identity/claims/role") {\n' +
-                '                switch (claim.value) {\n' +
-                '                    case "Writer":\n' +
-                '                        context.rolesToAdd.push("Author");\n' +
-                '                        break;\n' +
-                '                    case "Admin":\n' +
-                '                        context.rolesToAdd.push("Administrator");\n' +
-                '                        break;\n' +
-                '                    default:\n' +
-                '                        log("Warning", "Role " + claim.value + " was not handled");\n' +
-                '                        break;\n' +
-                '                }\n' +
-                '            }\n' +
-                '        });\n' +
-                '        break;\n' +
-                '    default:\n' +
-                '        log("Warning", "Provider " + context.loginProvider + " was not handled");\n' +
-                '        break;\n' +
-                '}\n' +
-                '*/\n'
-            );
-        }
+<script asp-name="monaco" at="Foot"></script>
+<script at="Foot" depends-on="monaco">
+
+    function resetScript() {
+        codeEditor.getModel().setValue(
+            '/* Uncomment to map AzureAd\n' + 'switch (context.loginProvider) {\n' +
+            '    case "AzureAd":\n' +
+            '        context.claimsToUpdate={"displayName":"UserDisplayName"}\n' +
+            '        context.propertiesToUpdate={"UserProfile":{"UserProfile":{"DisplayName":"UserDisplayNameValue"}}}\n' +
+            '        context.externalClaims.forEach(claim => {\n' +
+            '            if (claim.type === "http://schemas.microsoft.com/ws/2008/06/identity/claims/role") {\n' +
+            '                switch (claim.value) {\n' +
+            '                    case "Writer":\n' +
+            '                        context.rolesToAdd.push("Author");\n' +
+            '                        break;\n' +
+            '                    case "Admin":\n' +
+            '                        context.rolesToAdd.push("Administrator");\n' +
+            '                        break;\n' +
+            '                    default:\n' +
+            '                        log("Warning", "Role " + claim.value + " was not handled");\n' +
+            '                        break;\n' +
+            '                }\n' +
+            '            }\n' +
+            '        });\n' +
+            '        break;\n' +
+            '    default:\n' +
+            '        log("Warning", "Provider " + context.loginProvider + " was not handled");\n' +
+            '        break;\n' +
+            '}\n' +
+            '*/\n'
+        );
     }
+
+// don't format here.
+const suggestion = `/**                                                                     
+* Use the loginProvider and externalClaims properties of the context variable to inspect
+* who authenticated the user and with what claims. Check currentRoles property and apply
+* your business logic to fill the rolesToAdd and rolesToRemove arrays in order to update
+*/
+const context = {} as Context;
+type Context = {
+    readonly user: {  
+        userName: string;
+        userRoles: string[];
+        userClaims: { claimType: string; claimValue: string; }[];
+        userProperties: { [key: string]: string };
+    },
+    readonly loginProvider: string,
+    rolesToAdd: string[];
+    rolesToRemove: string[];
+    claimsToUpdate: { claimType: string; claimValue: string; }[];
+    claimsToRemove: { claimType: string; claimValue: string; }[];
+    propertiesToUpdate: { [key: string]: string };
+    externalClaims: readonly [{
+        valueType: string;
+        type: string;
+        value: string;
+        subject: string;
+        issuer: string;
+        originalIssuer: string;
+        properties: { [key: string]: string };
+    }]
+}`
+    var codeEditor;
+    document.addEventListener('DOMContentLoaded', function () {
+        require(['vs/editor/editor.main'], function () {
+
+            const html = document.documentElement;
+            const mutationObserver = new MutationObserver(setTheme);
+            mutationObserver.observe(html, { attributes: true });
+
+            function setTheme() {
+                var theme = html.dataset.bsTheme;
+                if (theme === 'dark' || (theme === 'auto' && window.matchMedia('(prefers-color-scheme: dark)').matches)) {
+                    monaco.editor.setTheme('vs-dark')
+                } else {
+                    monaco.editor.setTheme('vs')
+                }
+            }
+            setTheme();
+
+            var editor = monaco.editor.create(document.getElementById('@Html.IdFor(x => x.SyncRolesScript)_editor'), {
+                automaticLayout: true,
+                language: "javascript"
+            });
+            codeEditor = editor;
+            monaco.languages.typescript.javascriptDefaults.addExtraLib(suggestion + "const context = {} as Context", 'suggestion.d.ts');
+
+            var docEditor = monaco.editor.create(document.getElementById('doc_editor'), {
+                value: suggestion,
+                automaticLayout: true,
+                language: "typescript",
+                readOnly: true, // make the editor read-only
+                lineNumbers: "off", // hide line numbers
+                glyphMargin: false, // hide the glyph margin (which includes the line numbers)
+                lineDecorationsWidth: 0, // set the line decorations width to 0 to hide the line numbers
+                minimap: { enabled: false }, // hide the minimap
+                scrollbar: { horizontal: "hidden", vertical: "hidden" }, // hide the scrollbar
+                overviewRuler: { visible: false }, // hide the overview ruler
+                scrollbar: {
+                    handleMouseWheel:false
+                }
+            }); 
+            var textArea = document.getElementById('@Html.IdFor(x => x.SyncRolesScript)');
+            if (!textArea.value) {
+                resetScript();
+            } else {
+                editor.getModel().setValue(textArea.value);
+            }
+
+            window.addEventListener("submit", function () {
+                textArea.value = editor.getValue();
+            });
+        });
+    });
+
+</script>
+
+<script at="Foot">
     function toggleEditorState() {
         var syncRolesCheckbox = document.getElementById('@Html.IdFor(x => x.UseScriptToSyncRoles)');
-        var editor = $('#@Html.IdFor(x => x.SyncRolesScript)').data('editor');
+
         if (syncRolesCheckbox.checked) {
-            editor.options.readOnly = false;
+            $("#SyncRolesScript_wrapper,#doc_editor").show()
+
         } else {
-            editor.options.readOnly = "nocursor";
+            $("#SyncRolesScript_wrapper,#doc_editor").hide()
         }
     }
+
     $(function () {
-        var textArea = document.getElementById('@Html.IdFor(x => x.SyncRolesScript)');
         var syncRolesCheckbox = document.getElementById('@Html.IdFor(x => x.UseScriptToSyncRoles)');
-        if (textArea == null) {
-            return;
-        }
-        var editor = CodeMirror.fromTextArea(textArea, {
-            autoRefresh: true,
-            lineNumbers: true,
-            styleActiveLine: true,
-            matchBrackets: true,
-            autoCloseTags: true,
-            mode: "javascript"
-        });
-        $('#@Html.IdFor(x => x.SyncRolesScript)').data('editor', editor);
-        resetScript(editor.doc.getValue() != '');
+
         syncRolesCheckbox.addEventListener("change", toggleEditorState);
         toggleEditorState();
     });
diff --git a/src/OrchardCore/OrchardCore.Users.Abstractions/Handlers/IExternalLoginEventHandler.cs b/src/OrchardCore/OrchardCore.Users.Abstractions/Handlers/IExternalLoginEventHandler.cs
index 3cc69fc0e41..1310cddc462 100644
--- a/src/OrchardCore/OrchardCore.Users.Abstractions/Handlers/IExternalLoginEventHandler.cs
+++ b/src/OrchardCore/OrchardCore.Users.Abstractions/Handlers/IExternalLoginEventHandler.cs
@@ -17,9 +17,10 @@ public interface IExternalLoginEventHandler
         Task<string> GenerateUserName(string provider, IEnumerable<SerializableClaim> claims);
 
         /// <summary>
-        /// Occurs when the user roles are updated.
+        /// Occurs when the user is updated.
         /// </summary>
-        /// <param name="context">The <see cref="UpdateRolesContext"/>.</param>
-        Task UpdateRoles(UpdateRolesContext context);
+        /// <param name="context">The <see cref="UpdateUserContext"/>.</param>
+        Task UpdateUserAsync(UpdateUserContext context);
+       
     }
 }
diff --git a/src/OrchardCore/OrchardCore.Users.Abstractions/Handlers/UpdateRolesContext.cs b/src/OrchardCore/OrchardCore.Users.Abstractions/Handlers/UpdateRolesContext.cs
deleted file mode 100644
index d98a6b25893..00000000000
--- a/src/OrchardCore/OrchardCore.Users.Abstractions/Handlers/UpdateRolesContext.cs
+++ /dev/null
@@ -1,50 +0,0 @@
-using System.Collections.Generic;
-using System.Linq;
-
-namespace OrchardCore.Users.Handlers
-{
-    /// <summary>
-    /// Represents a <see cref="UserContextBase"/> for updated user roles.
-    /// </summary>
-    public class UpdateRolesContext : UserContextBase
-    {
-        /// <summary>
-        /// Creates a new instance of <see cref="UpdateRolesContext"/>.
-        /// </summary>
-        /// <param name="user">The <see cref="IUser"/>.</param>
-        /// <param name="loginProvider">The login provider.</param>
-        /// <param name="externalClaims">The user claims.</param>
-        /// <param name="userRoles">The user roles.</param>
-        public UpdateRolesContext(IUser user, string loginProvider, IEnumerable<SerializableClaim> externalClaims, IEnumerable<string> userRoles) : base(user)
-        {
-            ExternalClaims = externalClaims.AsEnumerable();
-            UserRoles = userRoles;
-            LoginProvider = loginProvider;
-        }
-
-        /// <summary>
-        /// Gets the login provider.
-        /// </summary>
-        public string LoginProvider { get; }
-
-        /// <summary>
-        /// Gets a list of external claims.
-        /// </summary>
-        public IEnumerable<SerializableClaim> ExternalClaims { get; }
-
-        /// <summary>
-        /// Gets the user's roles.
-        /// </summary>
-        public IEnumerable<string> UserRoles { get; }
-
-        /// <summary>
-        /// Gets the roles to be added to the user roles.
-        /// </summary>
-        public List<string> RolesToAdd { get; init; } = [];
-
-        /// <summary>
-        /// Gets the roles to be removed from the user roles.
-        /// </summary>
-        public List<string> RolesToRemove { get; init; } = [];
-    }
-}
diff --git a/src/OrchardCore/OrchardCore.Users.Abstractions/Handlers/UpdateUserContext.cs b/src/OrchardCore/OrchardCore.Users.Abstractions/Handlers/UpdateUserContext.cs
new file mode 100644
index 00000000000..48a31028db3
--- /dev/null
+++ b/src/OrchardCore/OrchardCore.Users.Abstractions/Handlers/UpdateUserContext.cs
@@ -0,0 +1,77 @@
+using System.Collections.Generic;
+using System.Linq;
+using System.Text.Json.Nodes;
+using OrchardCore.Users.Models;
+
+namespace OrchardCore.Users.Handlers
+{
+    /// <summary>
+    /// Represents a <see cref="UserContextBase"/> for updated user roles.
+    /// </summary>
+    public class UpdateUserContext : UserContextBase
+    {
+        /// <summary>
+        /// Creates a new instance of <see cref="UpdateUserContext"/>.
+        /// </summary>
+        /// <param name="user">The <see cref="IUser"/>.</param>
+        /// <param name="loginProvider">The login provider.</param>
+        /// <param name="externalClaims">The user claims.</param>
+        /// <param name="userProperties">The user properties.</param>
+        public UpdateUserContext(IUser user, string loginProvider, IEnumerable<SerializableClaim> externalClaims, JsonObject userProperties) : base(user)
+        {
+            ExternalClaims = externalClaims.AsEnumerable();
+            LoginProvider = loginProvider;
+            UserProperties = userProperties.DeepClone() as JsonObject;
+        }
+
+        /// <summary>
+        /// Gets the login provider.
+        /// </summary>
+        public string LoginProvider { get; }
+
+        /// <summary>
+        /// Gets a list of external claims.
+        /// </summary>
+        public IEnumerable<SerializableClaim> ExternalClaims { get; }
+
+        /// <summary>
+        /// Gets the user properties.
+        /// </summary>
+        public JsonObject UserProperties { get; }
+
+        /// <summary>
+        /// Gets the user's roles.
+        /// </summary>
+        public IEnumerable<string> UserRoles { get; set; } = [];
+
+        /// <summary>
+        /// Gets the user's roles.
+        /// </summary>
+        public IEnumerable<UserClaim> UserClaims { get; set; } = [];
+
+        /// <summary>
+        /// Gets the roles to be added to the user roles.
+        /// </summary>
+        public List<string> RolesToAdd { get; init; } = [];
+
+        /// <summary>
+        /// Gets the roles to be removed from the user roles.
+        /// </summary>
+        public List<string> RolesToRemove { get; init; } = [];
+
+        /// <summary>
+        /// Gets the claims to be added from the user claims.
+        /// </summary>
+        public List<UserClaim> ClaimsToUpdate { get; init; } = [];
+
+        /// <summary>
+        /// Gets the claims to be removed from the user claims.
+        /// </summary>
+        public List<UserClaim> ClaimsToRemove { get; init; } = [];
+
+        /// <summary>
+        /// Gets the user properties to update the user
+        /// </summary>
+        public JsonObject PropertiesToUpdate { get; set; }
+    }
+}
diff --git a/src/OrchardCore/OrchardCore.Users.Core/Models/UserClaim.cs b/src/OrchardCore/OrchardCore.Users.Abstractions/Models/UserClaim.cs
similarity index 100%
rename from src/OrchardCore/OrchardCore.Users.Core/Models/UserClaim.cs
rename to src/OrchardCore/OrchardCore.Users.Abstractions/Models/UserClaim.cs
diff --git a/src/docs/guides/microsoft-entra-id-integration/README.md b/src/docs/guides/microsoft-entra-id-integration/README.md
index c3bec3a2c52..146585e5837 100644
--- a/src/docs/guides/microsoft-entra-id-integration/README.md
+++ b/src/docs/guides/microsoft-entra-id-integration/README.md
@@ -86,11 +86,13 @@ also check the settings to disable asking user info on first registration
 
 ## Configure login settings
 
-[Navigate to Security/Settings/Login](https://localhost:5001/Admin/Settings/LoginSettings) and check Use a script to set user roles based on external provider claims and copy the following script
+[Navigate to Security/Settings/Login](https://localhost:5001/Admin/Settings/LoginSettings) and check Use a script to set user roles, user claims and user properties based on external provider claims and copy the following script
 
 ```javascript
 switch (context.loginProvider) {
     case "AzureAd":
+        context.propertiesToUpdate = {"UserProfile":{"UserProfile":{"DisplayName":"UserDisplayNameValue"}}};
+        context.claimsToUpdate = [{ claimType: "DisplayName", claimValue: "UserDisplayName"}];
         context.externalClaims.forEach(claim => {
             if (claim.type === "http://schemas.microsoft.com/ws/2008/06/identity/claims/role") {
                 switch (claim.value) {
diff --git a/test/OrchardCore.Tests/OrchardCore.Users/RegistrationControllerTests.cs b/test/OrchardCore.Tests/OrchardCore.Users/AccountControllerTests.cs
similarity index 61%
rename from test/OrchardCore.Tests/OrchardCore.Users/RegistrationControllerTests.cs
rename to test/OrchardCore.Tests/OrchardCore.Users/AccountControllerTests.cs
index 0b76d301d73..dd9425009eb 100644
--- a/test/OrchardCore.Tests/OrchardCore.Users/RegistrationControllerTests.cs
+++ b/test/OrchardCore.Tests/OrchardCore.Users/AccountControllerTests.cs
@@ -1,3 +1,4 @@
+using System.Text.Json.Nodes;
 using OrchardCore.Entities;
 using OrchardCore.Environment.Extensions;
 using OrchardCore.Environment.Extensions.Features;
@@ -7,13 +8,166 @@
 using OrchardCore.Tests.Apis.Context;
 using OrchardCore.Users;
 using OrchardCore.Users.Controllers;
+using OrchardCore.Users.Handlers;
+using OrchardCore.Users.Indexes;
 using OrchardCore.Users.Models;
 using OrchardCore.Users.ViewModels;
 
 namespace OrchardCore.Tests.OrchardCore.Users;
 
-public class RegistrationControllerTests
+public class AccountControllerTests
 {
+    [Fact]
+    public async Task ExternalLoginSignIn_Test()
+    {
+        // Arrange
+        var context = await GetSiteContextAsync(new RegistrationSettings()
+        {
+            UsersCanRegister = UserRegistrationType.AllowRegistration,
+        });
+
+        // Act
+        var model = new RegisterViewModel()
+        {
+            UserName = "TestUserName",
+            Email = "test@orchardcore.com",
+            Password = "test@OC!123",
+            ConfirmPassword = "test@OC!123",
+        };
+
+        var responseFromGet = await context.Client.GetAsync("Register");
+        responseFromGet.EnsureSuccessStatusCode();
+        var response = await context.Client.SendAsync(await CreateRequestMessageAsync(model, responseFromGet));
+
+        // Assert
+        Assert.Equal(HttpStatusCode.Redirect, response.StatusCode);
+        Assert.Equal($"/{context.TenantName}/", response.Headers.Location.ToString());
+
+        await context.UsingTenantScopeAsync(async scope =>
+        {
+            var userManager = scope.ServiceProvider.GetRequiredService<UserManager<IUser>>();
+
+            var user = await userManager.FindByNameAsync(model.UserName) as User;
+
+            var externalClaims = new List<SerializableClaim>();
+            var userRoles = await userManager.GetRolesAsync(user);
+
+            var context = new UpdateUserContext(user, "TestLoginProvider", externalClaims, user.Properties)
+            {
+                UserClaims = user.UserClaims,
+                UserRoles = userRoles
+            };
+
+            context.UserProperties["Test"] = 111;
+            Assert.NotEqual(user.Properties["Test"], context.UserProperties["Test"]);
+
+            var scriptExternalLoginEventHandler = scope.ServiceProvider.GetServices<IExternalLoginEventHandler>()
+                        .FirstOrDefault(x => x.GetType() == typeof(ScriptExternalLoginEventHandler)) as ScriptExternalLoginEventHandler;
+            var loginSettings = new LoginSettings
+            {
+                UseScriptToSyncRoles = true,
+                SyncRolesScript = """
+                    if(!context.user.userClaims?.find(x=> x.claimType=="lastName" && claimValue=="Zhang")){
+                        context.claimsToUpdate.push({claimType:"lastName",    claimValue:"Zhang"});
+                    }
+                    context.claimsToUpdate.push({claimType:"firstName",   claimValue:"Sam"});
+                    context.claimsToUpdate.push({claimType:"displayName", claimValue:"Sam Zhang(CEO)"});
+                    context.claimsToUpdate.push({claimType:"jobTitle",    claimValue:"CEO"});
+
+                    if(!context.user.userRoles?.includes('Administrator')){
+                        context.rolesToAdd.push("Administrator");
+                    }
+
+                    if(context.user.userProperties?.UserProfile?.UserProfile?.DisplayName?.Text!="Sam Zhang(CEO)")
+                    {
+                        context.propertiesToUpdate = {
+                            "UserProfile": {
+                                "UserProfile": {
+                                    "DisplayName": {
+                                        "Text": "Sam Zhang(CEO)"
+                                    }
+                                }
+                            }
+                        };
+                    }
+                    """
+            };
+            scriptExternalLoginEventHandler.UpdateUserInternal(context, loginSettings);
+
+            if (await AccountController.UpdateUserPropertiesAsync(userManager, user, context))
+            {
+                await userManager.UpdateAsync(user);
+            }
+
+            var session = scope.ServiceProvider.GetRequiredService<YesSql.ISession>();
+            var sam = await session.Query<User, UserByClaimIndex>()
+                    .Where(claim => claim.ClaimType == "displayName" && claim.ClaimValue == "Sam Zhang(CEO)")
+                    .FirstOrDefaultAsync();
+            Assert.NotNull(sam);
+
+             var claimsDict = sam.UserClaims.ToDictionary(claim => claim.ClaimType, claim => claim.ClaimValue);
+            Assert.Equal("Sam", claimsDict["firstName"]);
+            Assert.Equal("Zhang", claimsDict["lastName"]);
+            Assert.Equal("CEO", claimsDict["jobTitle"]);
+            Assert.Contains("Administrator", sam.RoleNames.FirstOrDefault());
+            Assert.Equal("Sam Zhang(CEO)", sam.Properties.SelectNode("$.UserProfile.UserProfile.DisplayName.Text").ToString());
+
+        });
+        await context.UsingTenantScopeAsync(async scope =>
+        {
+            var userManager = scope.ServiceProvider.GetRequiredService<UserManager<IUser>>();
+
+            var user = await userManager.FindByNameAsync(model.UserName) as User;
+
+            var externalClaims = new List<SerializableClaim>();
+            var userRoles = await userManager.GetRolesAsync(user);
+
+            var updateContext = new UpdateUserContext(user, "TestLoginProvider", externalClaims, user.Properties)
+            {
+                UserClaims = user.UserClaims,
+                UserRoles = userRoles,
+            };
+
+            var scriptExternalLoginEventHandler = scope.ServiceProvider.GetServices<IExternalLoginEventHandler>()
+                      .FirstOrDefault(x => x.GetType() == typeof(ScriptExternalLoginEventHandler)) as ScriptExternalLoginEventHandler;
+            var loginSettings = new LoginSettings
+            {
+                UseScriptToSyncRoles = true,
+                SyncRolesScript = """
+                    context.claimsToUpdate.push({claimType:"displayName", claimValue:"Sam Zhang"});
+                    context.claimsToUpdate.push({claimType:"firstName",   claimValue:"Sam"});
+                    context.claimsToUpdate.push({claimType:"lastName",    claimValue:"Zhang"});
+                    context.claimsToRemove.push({claimType:"jobTitle",    claimValue:"CEO"});
+                    context.rolesToRemove.push("Administrator");
+                    context.propertiesToUpdate = {
+                        "UserProfile": {
+                            "UserProfile": {
+                                "DisplayName": {
+                                    "Text": "Sam Zhang"
+                                }
+                            }
+                        }
+                    };
+                    """
+            };
+            scriptExternalLoginEventHandler.UpdateUserInternal(updateContext, loginSettings);
+
+            if (await AccountController.UpdateUserPropertiesAsync(userManager, user as User, updateContext))
+            {
+                await userManager.UpdateAsync(user);
+            }
+
+            var session = scope.ServiceProvider.GetRequiredService<YesSql.ISession>();
+            var userFromDb = await session.Query<User, UserByClaimIndex>()
+                         .Where(claim => claim.ClaimType == "displayName" && claim.ClaimValue == "Sam Zhang")
+                         .FirstOrDefaultAsync();
+
+            Assert.DoesNotContain("Administrator", userFromDb.RoleNames);
+            Assert.DoesNotContain(userFromDb.UserClaims, x => x.ClaimType == "jobTitle" && x.ClaimValue == "CEO");
+            Assert.Equal("Sam Zhang", userFromDb.Properties.SelectNode("$.UserProfile.UserProfile.DisplayName.Text").ToString());
+        });
+    }
+
     [Fact]
     public async Task Register_WhenAllowed_RegisterUser()
     {