TL;DR: There should be a real unique user ID field in the JWT which must be used for this.
Is this about the “Azure AD” SSO template?
I strongly believe that this requires a simple key-value pair.
From a conceptual point of view this also makes sense as you always want to identify a unique user, by its unique ID.
A unique ID should not be part of an array, where you could think of having multiple IDs for a single user.
What is the main reason behind this request to use the email?
Within the User data mappings the actual email address can also be mapped, using the same or another field of the JWT.
However the main limitation will be that no arrays are accepted.