Add custom saml attributes to id token

Auth0 is connected to an external IDp using a SAML connection. this connection will return a custom attribute. I am not sure if it should be added to the user properties in Auth0, using the Mappings section of the connector, or if that is the only way to do it

I am then trying to add the information from that attribute to the Token using Action–>Flows
api.idToken.setCustomClaim however I don’t seem to be able to add it

I can add information from app_metadata but not from user properties (does not seem to recognize it).

Therefore I am not sure how to either add it to the app_metadata during saml logon or how I can get it from the user properties

Hi @kris.macgillivray

Welcome to the Auth0 Community, it’s really great to have you here :slight_smile:

I take it Auth0 is acting as the service provider in this case given that you have an external IdP. If the IdP is sending you a custom attribute you will certainly need to map it in Authentication > Enterprise > SAML connection > Mappings tab.

The left side of the mapping is the user attribute on the SP side, the right side of the mapping is the claim you’re receiving from the IdP. I would probably do a test connection and open the network trace in the browser to locate the SAML response coming in, check the response in samtool.io to confirm the custom attribute is there and also confirm the spelling etc.

You should also see the attribute in the user account, raw json tab.

Not all user properties are available under Actions right now, please see this list for event.user https://auth0.com/docs/customize/actions/triggers/post-user-registration/event-object#:~:text=original%20authentication%20request.-,event.user,-An%20object%20describing

You would need to use Rules for this scenario until Actions reaches feature parity. Example rule to get the groups property into the Id Token would be

function (user, context, callback) {	
  context.idToken['https://mynamespace/groups'] = user.groups;
	callback(null, user, context);
  return callback(null, user, context);
}

Please let me know if you have any further questions on any of this.

Regards