How to map extra SAML attributes from idP into Auth0 Profile


I have Auth0 setup as a SAML sP for my application. I’ve used the SAML mappings under the Enterprise Connection editor to map the standard attributes like User ID, Name, First Name, Last Name, Email, etc.

However, the idP (Ping) is passing a couple of extra attributes for user office ID and user department ID. These are not part of the Auth0 user profile. I assumed I could map them to either user_metadata or app_metadata, but the mapper does not allow ‘dotting’ the attribute (e.g. "user_metadata.office_id’ : “office_id” returns an error that ‘.’ is not allowed).

I’ve seen the topics for adding metadata to the response if Auth0 is the idP via rules, but thats for the reverse direction (Auth0 is the sP, Ping is the idP). Nothing to map extra attributes when logging in from an external idP. I see them in the Users RAW JSON, but can’t get them into a field that is readable by the application using the PHP-SDK. Alternatively, if I could read that Identity Provider Raw JSON from the app, that would suffice as well.

Everything else is working well on this setup, this is my last hurdle to overcome. Open to any suggestions here. Tanks!