"No attribute was found to generate the nameIdentifier" error when trying to log into Zendesk using the SSO integrations

lihua.zhang · December 7, 2022, 1:33am

Problem Statement

When trying to log into Zendesk using the SSO integrations, users experience the error:

No attribute was found to generate the nameIdentifier. We tried with: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

Cause

The Zendesk integration tries to generate the SAML assertion’s NameIdentifier using the email address of the user profile. The issue is caused by the user not having an email address in the user profile.

Solution

Identify why your user doesn’t have an email address in their user profile. Most probably, the upstream identity provider isn’t sending an email address back to Auth0, or you haven’t configured the correct user attribute mapping on either the Identity Provider end or Auth0 end.

To fix the issue, configure the upstream identity provider to send an email address or fix the profile mapping of the related Auth0 connection.

Topic		Replies	Views
Invalid_request: No attribute was found to generate the nameIdentifier. We tried with: Help login-experience , login-prompt-new-experience	2	468	February 29, 2024
Email Attribute Is Missing from Okta SAML Login Knowledge Articles email , okta , saml2 , idp , mapping	1	1551	January 30, 2024
Missing Custom Attributes in Zendesk when Using SSO Integration Knowledge Articles zendesk , sso-integration , custom-attributes	1	96	July 9, 2024
SAML Mapping Issues with Shibboleth Knowledge Articles samlp , saml2 , idp , shibboleth , service-provider , mapping , attribute	1	430	March 2, 2024
Customize SAML Name ID Help sso , application	4	1117	January 3, 2024

"No attribute was found to generate the nameIdentifier" error when trying to log into Zendesk using the SSO integrations

Problem Statement

Cause

Solution

Related Topics