Failed Logon with Audience is Invalid Error

Problem statement

This article explains a potential cause of failed login events that show the following error:

Audience is invalid. Configured: urn:auth0:your_tenant_name:your_connection_name

Cause

This error occurs if the value of the audience element from the identity provider’s SAML response doesn’t match the value expected by Auth0.
Auth0 expects the value to be the Entity ID for the connection.
The audience that should be sent in the SAML response is what is listed in the error: urn:auth0:your_tenant_name:your_connection_name
See the document Audience is Invalid for more information.

Solution

Copy the SAMLResponse from one of the failed log events and paste it into https://samltool.io/, which converts the SAML response into XML.

The SAML response from the IdP should contain the Audience element, so something like the following should be present in it:

...
       <saml:AudienceRestriction>
           <saml:Audience>
               urn:auth0:your_tenant_name:your_connection_name
           </saml:Audience>
       </saml:AudienceRestriction>
...

Verify and correct this on the Identity Provider (IdP) side.
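
The same check can be done offline. The following is an added example, not Auth0 code: it decodes a SAMLResponse taken from a log event, lists its Audience values, and compares them with the connection's Entity ID. The function names and the sample response are constructed for illustration, and the script only inspects the XML; it does not verify the signature.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def extract_audiences(saml_response):
    """Return every <saml:Audience> value in a base64 SAMLResponse (HTTP-POST binding)."""
    # Log viewers may show the value URL-encoded (%2B, %3D), so undo that first.
    raw = urllib.parse.unquote(saml_response.strip())
    xml_bytes = base64.b64decode(raw)
    # Diagnostic tool on untrusted input: refuse DTDs instead of expanding entities.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD/entity declarations are not expected in a SAML response")
    root = ET.fromstring(xml_bytes)
    path = ".//saml:AudienceRestriction/saml:Audience"
    return [(el.text or "").strip() for el in root.iterfind(path, NS)]

def check_audience(saml_response, expected_entity_id):
    """Compare the response's audiences with the connection's Entity ID (exact match)."""
    audiences = extract_audiences(saml_response)
    if not audiences:
        return False, "no Audience element in the response"
    if expected_entity_id in audiences:
        return True, "audience matches " + expected_entity_id
    return False, "IdP sent %r, expected %r" % (audiences, expected_entity_id)

def build_sample(audience):
    """Constructed, unsigned sample response used only to exercise the check."""
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
        "<saml:Conditions><saml:AudienceRestriction><saml:Audience>\n    "
        + audience +
        "\n</saml:Audience></saml:AudienceRestriction></saml:Conditions>"
        "</saml:Assertion></samlp:Response>"
    )
    return urllib.parse.quote(base64.b64encode(xml.encode()).decode(), safe="")

EXPECTED = "urn:auth0:your_tenant_name:your_connection_name"  # placeholder from the error

if __name__ == "__main__":
    for sent in (EXPECTED, "https://your_tenant_name.example/login"):
        print(check_audience(build_sample(sent), EXPECTED))
```

If the IdP encrypts the assertion, the Audience element is not visible in the decoded XML and the script reports that no Audience element was found.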