Cannot Access Mapped SAML Properties inside Custom Action


I have a SAML connection where Auth0 is the Service Provider for my application. I am trying out the new login flows but am running into a small problem that I’m not sure how to solve.

What I am trying to do
On a successful login from the SAML IdP, I want to update a user’s app_metadata with the returned roles and account.

What is Happening
I cannot seem to get the roles field off the user object from the SAML login

My configuration
In my Enterprise SAML connection I have this mapping:

  "role": [

This mapping works because I see role show up on my user when I view their raw JSON data in the dashboard. The property is a top level prop like so:

    "role": "manager",
    "user_id": "samlp|{connection}|auth0|{id}",
    "app_metadata": {
        "account": "sso-incorporated"
   // lots more fields

I then created this flow action to run after a successful login:

exports.onExecutePostLogin = async (event, api) => {
  if ( {
   // custom function to determine the account name from email address
    const accountName = getAccountNameFromEmail(;

    if (accountName) {
      // this works
      api.user.setAppMetadata("account", accountName);
      // this does not. Never saves anything (assuming `event.user['role']` is undefined)
      // I cannot figure out how to access the `role` on my user object from SAML reponse
      api.user.setAppMetadata("role", event.user['role']);

Is there any way I can access that property? I don’t mind putting my logic in the mapping rules either, but I don’t think it lets me map into app_metadata fields. I need the roles in the app_metadata because I search users based on that information.