How to pass data generated on login in SAML assertion?


I’m really struggling to understand how I am supposed to customize SAML assertions on user login.

I get that I can map user attributes to a particular SAML parameter both in the add-on settings and via rules. However, I need to generate a token from my API during either an action or rule on login and pass its value via SAML. I have learned I cannot do this by storing the token in app_metadata, as the patch to the metadata will not go through until after the SAML assertions are generated. How am I supposed to send custom parameters via SAML on login that are not static attributes in the user’s profile? Again, mapping a pre-existing attribute is not what I’m looking for here–I’m trying to send custom information that is generated on login.

Thanks for any help you can give.


Hi @avii,

Rules will run sequentially in the order that you have them configured in your tenant, so you should be able to update the user’s app_metadata in the first rule that runs, and then have a second rule run after that to include that app_metadata in the SAML Assertion.

Here are some additional resources from our docs on this as well:
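
The two-rule arrangement described in the reply above, as an added example that is not part of the thread and not Auth0's own code. The `issueApiToken` call, the `api_token` attribute name, the `auth0` stub and the `runLogin` harness are constructed so the rules can run locally; copying the value to a top-level user property before mapping it is an assumption about how the mapping is resolved.

```javascript
// Constructed stand-ins so the rules run outside Auth0 (not Auth0's implementation).
const persisted = {}; // pretend user store
const auth0 = { users: { updateAppMetadata: async (id, md) => { persisted[id] = { ...md }; } } };
let issued = 0;
// Hypothetical call to your own API; returns a fresh value per login.
async function issueApiToken(userId) { return `tok-${userId}-${++issued}`; }

// Rule 1: generate the token, set it on the in-memory user, then persist it.
function addLoginToken(user, context, callback) {
  issueApiToken(user.user_id)
    .then((token) => {
      user.app_metadata = user.app_metadata || {};
      user.app_metadata.api_token = token;
      return auth0.users.updateAppMetadata(user.user_id, user.app_metadata);
    })
    .then(() => callback(null, user, context))
    .catch((err) => callback(err));
}

// Rule 2: runs later in the same login and receives the same user object.
function mapTokenToSaml(user, context, callback) {
  const token = user.app_metadata && user.app_metadata.api_token;
  // Fail the login rather than emit an assertion without the token.
  if (!token) return callback(new Error("api_token missing; check rule order"));
  user.api_token = token; // top-level copy for the mapping (assumption)
  context.samlConfiguration = context.samlConfiguration || {};
  context.samlConfiguration.mappings = Object.assign(
    {}, context.samlConfiguration.mappings, { api_token: "api_token" });
  callback(null, user, context);
}

// Constructed harness: run rules in order, then resolve mappings to attributes.
function runLogin(rules, user) {
  const context = {};
  const step = (i) => new Promise((resolve, reject) => {
    if (i === rules.length) return resolve(context);
    rules[i](user, context, (err) => (err ? reject(err) : resolve(step(i + 1))));
  });
  return step(0).then((ctx) => {
    const attrs = {};
    const mappings = (ctx.samlConfiguration || {}).mappings || {};
    for (const [name, prop] of Object.entries(mappings)) attrs[name] = user[prop];
    return attrs;
  });
}
```

Rule 2 reads the value from the in-memory `user` object that rule 1 modified. The copy written by `updateAppMetadata` stays in the user's profile until it is overwritten.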
