How can I get organizationId in sisense if I use auth0 with SAML 2


I was trying to integrate auth0 with Sisense using SAML 2. I added the two screens while login so that user will first enter the organization name and then user credentials and password. Now is the issue is I am not able to get the organization name or id in the sisense so that I can use some business logic to show/filter dashboards in sisense using the organizationId. It would be really helpful if someone can tell me how I can get the organizationId while using SAML 2. I tried add this action

I tried adding post Login action to get the organizationId and send it using the api.idToken.setCustomClaim and api.accessToken.setCustomClaim methods

Hi @sanjoy.pator,

Welcome to the Auth0 Community!

I understand that you need some help with setting the Organization ID as a custom claim using a Post Login Action.

After reviewing your code snippet and testing this on my side, I managed to get the Organization ID appended to my tokens successfully.

Below is the code snippet I used in my test:

exports.onExecutePostLogin = async (event, api) => {
  const namespace = '';
  if (event.authorization) {

Please note that custom claims can be appended using namespaced or non-namespaced identifiers.

See the following resources for more details:

I hope this helps!

Please let me know how this goes for you.


Since I am using auth0 with SAML 2 for sisense.This means that after a user is authenticated, Auth0 sends a SAML response back to Sisense, not ID/Access Tokens. So, instead of adding the organization information as a custom claim to ID/Access Tokens, you’ll just need to add the organization information to the SAML response. You’ll need to do this with a Rule. It’s not supported yet with Actions

So I tried this

function addOrgIdToAccessToken(user, context, callback) {
  // This rule adds the authenticated user's email address to the access token.
	console.log("user log sisense ",user);
  console.log("context log sisense ",context);
  console.log("callback log sisense ",callback);
  let namespace = "";
  //context.accessToken[`${namespace}/org`] =;

  //callback(null, user, context);
  // if available, add organization_id to SAML response
    if (context.organization) {
        user.org_id = context.organization;
        context.samlConfiguration.mappings = {
            "": "org_id"
  return callback(null, user, context);

And after that I got the response as this

user log sisense  {
  name: '',
  email: '',
  user_id: 'auth0|0123456789',
  nickname: 'jdoe',
  picture: '',
  identities: [
      provider: 'auth0',
      user_id: '0123456789',
      connection: 'Username-Password-Connection',
      isSocial: false
  persistent: {}
context log sisense  {
  clientID: '123456789',
  clientName: 'MyWebApp',
  connection: 'MyDbConn',
  connectionStrategy: 'auth0',
  protocol: 'oidc-basic-profile',
  request: {
    query: { scope: 'openid' },
    body: {},
    userAgent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36',
    ip: 'X.X.X.X',
    geoip: {
      city_name: 'Buenos Aires',
      continent_code: 'SA',
      country_code: 'AR',
      country_code3: 'ARG',
      country_name: 'Argentina',
      latitude: -34.6072,
      longitude: -58.3875,
      subdivision_code: 'C',
      subdivision_name: 'Buenos Aires F.D.',
      time_zone: 'America/Argentina/Buenos_Aires'
  samlConfiguration: {},
  stats: { loginsCount: 5 },
  accessToken: {},
  idToken: {},
  riskAssessment: {
    confidence: 'low',
    version: '1',
    assessments: {
      UntrustedIP: [Object],
      NewDevice: [Object],
      ImpossibleTravel: [Object]
callback log sisense  [Function]
context.organization undefined
The profile is: 
  "name": "",
  "email": "",
  "nickname": "jdoe",
  "picture": "",
  "user_id": "auth0|0123456789",
  "identities": [
      "provider": "auth0",
      "user_id": "0123456789",
      "connection": "Username-Password-Connection",
      "isSocial": false
The rules context is: 
  "clientID": "123456789",
  "clientName": "MyWebApp",
  "connection": "MyDbConn",
  "connectionStrategy": "auth0",
  "protocol": "oidc-basic-profile",
  "request": {
    "query": {
      "scope": "openid"
    "body": {},
    "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36",
    "ip": "X.X.X.X",
    "geoip": {
      "city_name": "Buenos Aires",
      "continent_code": "SA",
      "country_code": "AR",
      "country_code3": "ARG",
      "country_name": "Argentina",
      "latitude": -34.6072,
      "longitude": -58.3875,
      "subdivision_code": "C",
      "subdivision_name": "Buenos Aires F.D.",
      "time_zone": "America/Argentina/Buenos_Aires"
  "samlConfiguration": {},
  "stats": {
    "loginsCount": 5
  "accessToken": {},
  "idToken": {},
  "riskAssessment": {
    "confidence": "low",
    "version": "1",
    "assessments": {
      "UntrustedIP": {
        "confidence": "low",
        "code": "found_on_deny_list",
        "details": {
          "ip": "",
          "matches": "",
          "source": "STOPFORUMSPAM-1"
      "NewDevice": {
        "confidence": "low",
        "code": "no_match",
        "details": {
          "device": "unknown",
          "useragent": "unknown"
      "ImpossibleTravel": {
        "confidence": "low",
        "code": "impossible_travel_from_last_login"

This didn’t work because I don’t have the organization key in my context object. Do you know how can I add organization key to the context object

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.