Enterprise signup and assignment of permissions/roles

Here’s what docs say:

A nice advantage of allowing your customers to use their own IdP is that they can administer their users and assign roles and access in their own IdP setup instead of forcing you to build administration for them. Working out the mapping for those customers will make this much easier.

But how do they assign roles and permissions defined in my system?
As I understand user must be provisioned to the Auth0 database first (first login), and then organization admin can assign roles to that user.
Am I missing something?

Hi @vpv,

Welcome to the Auth0 Community!

You are right.

The quote provided by you is trying to explain how to transfer roles from IDP to Auth0 instead of adding them manually.
I recommend checking this article if you want to assign roles in your IDP/SP and add those automatically in Auth0:

• How to Map SAML Attributes when Auth0 is the IDP in the SAML2 Addon
• Send roles as part of SAML assertion when Auth0 is the IdP

Thanks,
Timotei

But it’s the organization’s (customer’s) IDP, We manage roles in our system and their IDP is unaware of these roles.