We have an application we need to change from a basic individual type of login to a business user style (requires an organization first). The SAML configuration is very basic for the application and sends the SP the email address as the identifier:
{
  "mappings": {
    "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  },
  "createUpnClaim": false,
  "mapIdentities": false,
  "passthroughClaimsWithNoMapping": true,
  "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  ]
}
After the type changes, the assertion uses the user_id ("auth0|1234123412341") instead, ignoring the SAML configuration. What am I missing here? How do I force it back to the email address as the identifier?