Summary:
How can we check against custom SAML attributes in Actions without the use of a Rule to move data from the root level into app_metadata?
More Detail:
We use Auth0 to cater to our B2B use case, and we have support staff and developers who occasionally need to sign into a customer site to do some debugging or configuration management. Our staff will be logging in using a SAML enterprise connection (Auth0 is serving as the SP). Our IAM policy management would prefer that we can control which staff can sign into which customer sites with security groups in our IdP.
These groups don’t have a great root-level field to map to on the Auth0 user profile, so we ideally would want to put these into app_metadata. However, SAML mappings don’t support dot notation, so we have to put them into a custom field and use a Rule to move them into app_metadata, and then perform validation later in an Action. This was the best solution I could find online, and searching for an answer is difficult since Auth0 can serve as both the IdP and SP.
I am worried our use case will be unsupported since: