diff --git a/identity/.snapshots/TestSchemaExtensionCredentials-case=13.json b/identity/.snapshots/TestSchemaExtensionCredentials-case=13.json
new file mode 100644
index 000000000000..0a7e7320cbaa
--- /dev/null
+++ b/identity/.snapshots/TestSchemaExtensionCredentials-case=13.json
@@ -0,0 +1,14 @@
+{
+  "type": "code",
+  "config": {
+    "addresses": [
+      {
+        "channel": "email",
+        "address": "bar@ory.sh"
+      }
+    ]
+  },
+  "version": 0,
+  "created_at": "0001-01-01T00:00:00Z",
+  "updated_at": "0001-01-01T00:00:00Z"
+}
diff --git a/identity/extension_credentials_test.go b/identity/extension_credentials_test.go
index 990037146333..25c1c827303b 100644
--- a/identity/extension_credentials_test.go
+++ b/identity/extension_credentials_test.go
@@ -141,6 +141,16 @@ func TestSchemaExtensionCredentials(t *testing.T) {
 			},
 			ct: identity.CredentialsTypeCodeAuth,
 		},
+		{
+			doc:                 `{"email":"bar@ory.sh"}`,
+			schema:              "file://./stub/extension/credentials/email.schema.json",
+			expectedIdentifiers: []string{"bar@ory.sh"},
+			existing: &identity.Credentials{
+				Identifiers: []string{"foo@ory.sh"},
+				Config:      sqlxx.JSONRawMessage(`{"addresses":[{"channel":"email","address":"foo@ory.sh"}]}`),
+			},
+			ct: identity.CredentialsTypeCodeAuth,
+		},
 	} {
 		t.Run(fmt.Sprintf("case=%d", k), func(t *testing.T) {
 			c := jsonschema.NewCompiler()
diff --git a/identity/stub/extension/credentials/email.schema.json b/identity/stub/extension/credentials/email.schema.json
new file mode 100644
index 000000000000..848bfe54c952
--- /dev/null
+++ b/identity/stub/extension/credentials/email.schema.json
@@ -0,0 +1,44 @@
+{
+  "$id": "https://schemas.ory.sh/presets/kratos/identity.email.schema.json",
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "title": "Person",
+  "type": "object",
+  "properties": {
+    "email": {
+      "type": "string",
+      "format": "email",
+      "title": "E-Mail",
+      "ory.sh/kratos": {
+        "credentials": {
+          "password": {
+            "identifier": true
+          },
+          "webauthn": {
+            "identifier": true
+          },
+          "totp": {
+            "account_name": true
+          },
+          "code": {
+            "identifier": true,
+            "via": "email"
+          },
+          "passkey": {
+            "display_name": true
+          }
+        },
+        "recovery": {
+          "via": "email"
+        },
+        "verification": {
+          "via": "email"
+        }
+      },
+      "maxLength": 320
+    }
+  },
+  "required": [
+    "email"
+  ],
+  "additionalProperties": false
+}