Anyone did the Autodesk SSO connection successfully by Auth0? I don’t know how to do the user attributes mapping. Thanks.
{
"audience": "https://www.okta.com/saml2/service-provider/xyz123",
"mappings": {
"user_id": "objectGUID",
"given_name": "firstName",
"family_name": "lastName",
"email": "email"
},
"passthroughClaimsWithNoMapping": false,
"mapUnknownClaimsAsIs": false,
"mapIdentities": false,
"nameIdentifierFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:email"
}
Hi @david.fung
Welcome back to the Auth0 Community!
Autodesk requires four specific SAML attributes to be present in the SAML assertion: firstName , lastName , email , and objectGUID.
To resolve this, you simply need to reverse the keys and values in your mapping block. The keys must be the attribute names Autodesk is expecting, and the values must be the corresponding Auth0 user profile properties.
The JSON payload for your Auth0 SAML configuration should look something like this:
{
"audience": "https://www.okta.com/saml2/service-provider/xyz123",
"mappings": {
"objectGUID": "user_id",
"firstName": "given_name",
"lastName": "family_name",
"email": "email"
},
"passthroughClaimsWithNoMapping": false,
"mapUnknownClaimsAsIs": false,
"mapIdentities": false,
"nameIdentifierFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:email"
}
If you have any other questions, let me know!
Kind Regards,
Nik
Because “given_name” and “family_name” are empty by default, Autodesk rejected it. After I used the Auth0 API to update the two data attributes, it works fine. The below configuration is correct.
{
"audience": "https://www.okta.com/saml2/service-provider/xyz123",
"mappings": {
"user_id": "objectGUID",
"given_name": "firstName",
"family_name": "lastName",
"email": "email"
},
"passthroughClaimsWithNoMapping": false,
"mapUnknownClaimsAsIs": false,
"mapIdentities": false,
"nameIdentifierFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:email"
}