Read SAML Response Claims from IdPs inside Actions

I originally asked a similar question last year (Cannot Access Mapped SAML properties Inside Custom Action). The issue still persists so I am still using a custom Rule to access the SAML response field.

I would like to migrate over to Actions since those are recommended and Rules are set to be deprecated very soon (sometime in 2022). That response states:

First, I’d like to address that we will continue to support Rules until its deprecation sometime in the second half of 2022. By that time, all of the features in Rules will be integrated and available in Actions.

I really want to use Actions but this is blocking me. My setup looks like this:

My Enterprise SAML Mappings

  "custom_saml_groups": [

My New Action

exports.onExecutePostLogin = async (event, api) => {
  const customGroups = event.user.custom_saml_groups; // THIS DOES NOT EXIST
  if (customGroups === 'MyExpectedGroup') {
    api.user.setAppMetadata('app_group', 'SpecialGroup');

Whereas, my current Rule still works:

function(user, context, callback) {
  const customGroups =user.custom_saml_groups; // THIS EXISTS
  if (customGroups === 'MyExpectedGroup') {
     const meta = user.app_metadata;
     meta.app_group = 'SpecialGroup';
     auth0.users.updateAppMetadata(user.user_id, meta);

Another community member recommended fetching the user from the Management API, but SGO said that wasn’t a scalable solution because of rate limits.

Is there any update on when this will be available in Actions and/or if there is a solution out there? There is no way to map SAML claims to app_metadata so my only option is to use Rules/Actions.

Thank you,


1 Like

Are there any updates on this issue ?