SAML assertion changed when app changed business users (organization)

bezell · September 11, 2024, 8:05pm

We have an application we need to change from a basic individual type of login to a business user style (requires an organization first). The SAML configuration is very basic for the application and sends the SP the email address as the identifier:

{
  "mappings": {
    "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  },
  "createUpnClaim": false,
  "mapIdentities": false,
  "passthroughClaimsWithNoMapping": true,
  "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  ]
}

After the type changes, the assertion uses the user_id ("auth0|1234123412341) instead–ignoring the SAML configuration. What am I missing here? How do I force it back to the email address as the identifier?

Topic		Replies	Views
SAML Assertions Help saml	2	3836	March 2, 2018
Cannot map user group in SAML assertion Help connections , saml-enterprise-connection	1	990	August 16, 2023
SAML mapping issues Help auth0 , saml2	1	3478	May 20, 2020
User profiles are not reflecting the current SAML field mappings Help connections , saml-enterprise-connection	5	1505	June 5, 2023
Send Auth0 Id as identifier instead of email after authentication is succesasfully Help	1	4758	December 26, 2019

SAML assertion changed when app changed business users (organization)

Related topics