Authorization after SAML based SSO authentication

I’m researching Auth0 for the following use case:
I have enterprise customers who want my app to implement SSO using SAML.

I have read a good Auth0 write up on how to achieve this -

However I’m not sure how to go about attaching my app specific permissions to a user that has been authenticated by my customer’s IdP.

Currently my app has the typical homegrown user repository that stores the credentials as well as the permissions associated with a user.

Irrespective of whether I choose the option to migrate all my users to Auth0 or continue to maintain them in my database, I will need to provision users in my application, whose Identities are owned by my customer’s IdP, and then assign them roles and permissions for my application.

Is there any flow recommended by Auth0 for this situation? Is it as simple as - when successfully authenticated, Auth0 will redirect the user to the registered call back URL in my application and I simply take the username, lookup in my database and attach the roles and permissions?

If that’s the case, how do I implement the flow where a user is logging into my app for the first time and I need to provision that user in my database?

I feel this is a very common situation, but I don’t seem to be able to find any documentation around it.

Any help would be appreciated.

Hey there!

Sorry for such delay in response! We’re doing our best in providing the best developer support experience out there, but sometimes the number of incoming questions is just too big for our bandwidth. Sorry for such inconvenience!

Do you still require further assistance from us?