Hi,
A background for the problem is that on the IdP side a user with the same email address can belong to different organizations. In the SAML response the email address is used as the name identifier and, with the default setup, is picked up by Auth0 as the user_id. This basically means that only one user is created in Auth0, and logging in under either organization leads to overriding the User Profile, which is undesired, as it should be considered a login of a different user with her own permissions and settings. To mitigate that, the IdP provides a custom attribute userId, whose value uniquely identifies the user among all organizations.
So I’m looking for an option to override user_id with the value provided in the SAML response attribute userId from the IdP.
What I tried was to set up the SAML addon settings to the following, which did not take any effect:
```json
{
  "mappings": {
    "user_id": "http://schemas.auth0.com/userId"
  },
  "nameIdentifierFormat": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
  "nameIdentifierProbes": [
    "http://schemas.auth0.com/userId"
  ]
}
```
Is it feasible to achieve this in Auth0?
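To illustrate the collision the post describes, here is an added example (not code from the post, Auth0 or the IdP) that parses two constructed SAML assertions carrying the same email as NameID for two different organizations, and keys a simulated user store either on NameID or on the custom userId attribute. The attribute name `http://schemas.auth0.com/userId` comes from the post; the `organization` attribute, the email and the userId values are constructed for the example.

```python
# Added example: shows why keying users on the SAML NameID (email) merges two
# organization-scoped identities, while keying on the IdP's userId attribute
# keeps them separate. Sample assertions are constructed, not real IdP output.
# For real, untrusted SAML XML use a hardened parser (e.g. defusedxml).
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
USER_ID_ATTR = "http://schemas.auth0.com/userId"  # attribute name from the post


def make_assertion(email: str, user_id: str, org: str) -> str:
    """Build a constructed assertion whose NameID is the user's email."""
    return f"""<saml:Assertion xmlns:saml="{NS['saml']}">
  <saml:Subject><saml:NameID>{email}</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="{USER_ID_ATTR}"><saml:AttributeValue>{user_id}</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="organization"><saml:AttributeValue>{org}</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def parse_assertion(xml: str) -> dict:
    """Extract the NameID and a {attribute name: value} map from an assertion."""
    root = ET.fromstring(xml)
    name_id = root.find("saml:Subject/saml:NameID", NS).text
    attrs = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = attr.find("saml:AttributeValue", NS).text
    return {"name_id": name_id, "attrs": attrs}


def provision(assertions, key_on_user_id: bool) -> dict:
    """Simulate a user store keyed on NameID (default) or on the userId attribute.

    Each login upserts the profile under the chosen key, mirroring how a
    profile is overwritten when two logins resolve to the same key.
    """
    store = {}
    for xml in assertions:
        parsed = parse_assertion(xml)
        key = parsed["attrs"].get(USER_ID_ATTR) if key_on_user_id else parsed["name_id"]
        if key is None:
            # Fail closed: never fall back to the email when the unique id is missing.
            raise ValueError("IdP did not send the userId attribute")
        store[key] = {"email": parsed["name_id"], "org": parsed["attrs"].get("organization")}
    return store
```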