SAML Addon Mapping Skipping Duplicated Attributes

Problem statement

A SAML add-on configuration has been deliberately configured with two “email” attributes.

  "mappings": {
    "given_name": "First Name",
    "family_name": "Last Name",
    "email": "Email",
    "email": """
  "passthroughClaimsWithNoMapping": false,
  "createUpnClaim": false,
  "mapIdentities": false

However the “email”: “Email” attribute is absent from the output of the mapping.
It seems like the same email attribute cannot be mapped to different SAML Attributes twice.


This is a limitation of the SAML add-on: it automatically clears the duplicated email entry upon saving. The solution to this issue is to map the same attribute multiple times through a Rule.


Provide this mapping configuration within a Rule. It is then possible to have the “email” be both ‘nameidentifier’ and an ‘email’ claim. The configuration is very similar, except the Auth0 attribute is the right-hand parameter when setting this up in a Rule:

function mapSamlAttributes(user, context, callback) {
if(context.clientID === 'YOUR_CLIENT_ID_HERE') {
context.samlConfiguration.mappings = {
    'First Name': 'given_name',
    'Last Name': 'family_name',
    'RoleID' : 'groups'
  context.samlConfiguration.passthroughClaimsWithNoMapping = false;
  context.samlConfiguration.createUpnClaim = false;
  context.samlConfiguration.mapIdentities = false;

  callback(null, user, context);