"No attribute was found to generate the nameIdentifier" error when trying to log into Zendesk using the SSO integrations

Problem Statement

When trying to log into Zendesk using the SSO integrations, users experience the error:

No attribute was found to generate the nameIdentifier. We tried with: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

Cause

The Zendesk integration tries to generate the SAML assertion’s NameIdentifier using the email address of the user profile. The issue is caused by the user not having an email address in the user profile.

Solution

Identify why your user doesn’t have an email address in their user profile. Most probably, the upstream identity provider isn’t sending an email address back to Auth0, or you haven’t configured the correct user attribute mapping on either the Identity Provider end or Auth0 end.

To fix the issue, configure the upstream identity provider to send an email address or fix the profile mapping of the related Auth0 connection.

1 Like