SAML assertion changed when app changed business users (organization)

We have an application we need to change from a basic individual type of login to a business user style (requires an organization first). The SAML configuration is very basic for the application and sends the SP the email address as the identifier:

{
  "mappings": {
    "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  },
  "createUpnClaim": false,
  "mapIdentities": false,
  "passthroughClaimsWithNoMapping": true,
  "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  ]
}

After the type changes, the assertion uses the user_id ("auth0|1234123412341") instead, ignoring the SAML configuration. What am I missing here? How do I force it back to the email address as the identifier?

Hi @bezell

Thank you for reaching out to us!

Looking through the mappings that you provided, I believe that something similar to the below ones should help get this solved for you:

{
  "mappings": {
    "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/userName",
    "email": [
      "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
      "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/identifier"
    ]
  }
}

Please find more information in the following documentation as well.

Hope this helps!
Gerald
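A quick way to confirm, on the SP side, that a mapping change actually took effect is to capture the decoded assertion the SP receives and check its NameID against the format the SAML addon is configured with. The script below is an added example, not code from the thread or from Auth0: it parses a SAML 2.0 assertion, reports the NameID value and declared Format, and flags the failure described in the question (NameID carrying an opaque "auth0|..." user_id instead of the email address). The two assertions embedded at the bottom are constructed for illustration; the claim URIs and nameid-format are the ones from the configuration quoted in the question.

```python
"""Check a SAML assertion's NameID against the expected nameid-format.

Added example (not from the thread above). Assumes you have the decoded,
signature-verified assertion XML the SP received; the sample assertions at the
bottom are constructed for illustration.
"""
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Values taken from the SAML addon configuration quoted in the question.
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
IDENTIFIER_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/identifier"

# Loose shape check: an email address, and specifically not an "idp|id" style value.
EMAIL_RE = re.compile(r"^[^@\s|]+@[^@\s]+\.[^@\s]+$")


def check_name_id(assertion_xml: str, expected_format: str = EMAIL_FORMAT) -> dict:
    """Return what the assertion says about its subject and the email attribute."""
    root = ET.fromstring(assertion_xml)
    # Accept either a bare <saml:Assertion> or a <samlp:Response> wrapping one.
    assertion = root if root.tag == f"{{{NS['saml']}}}Assertion" else root.find(".//saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no saml:Assertion element found")
    name_id = assertion.find("./saml:Subject/saml:NameID", NS)
    if name_id is None:
        raise ValueError("assertion has no NameID")
    value = (name_id.text or "").strip()
    declared = name_id.get("Format", "")

    # Collect every attribute so the NameID can be compared with the email claim.
    attrs = {}
    for attr in assertion.findall("./saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = [v.text or "" for v in attr.findall("./saml:AttributeValue", NS)]

    return {
        "name_id": value,
        "declared_format": declared,
        "format_matches": declared == expected_format,
        "looks_like_email": bool(EMAIL_RE.match(value)),
        "looks_like_user_id": "|" in value,
        "email_attribute": attrs.get(EMAIL_CLAIM, []),
        "identifier_attribute": attrs.get(IDENTIFIER_CLAIM, []),
    }


def problems(report: dict) -> list:
    """Turn a check_name_id() report into a list of human-readable findings."""
    issues = []
    if not report["format_matches"]:
        issues.append(f"NameID Format is {report['declared_format'] or '(none)'}, expected {EMAIL_FORMAT}")
    if report["looks_like_user_id"]:
        issues.append(f"NameID {report['name_id']!r} is an IdP user_id, not an email address")
    elif not report["looks_like_email"]:
        issues.append(f"NameID {report['name_id']!r} does not look like an email address")
    if report["email_attribute"] and report["name_id"] not in report["email_attribute"]:
        issues.append("NameID does not match the emailaddress claim in the AttributeStatement")
    return issues


# Constructed sample: what the SP should see with the email mapping in effect.
GOOD_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_c1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>urn:example-idp</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jane@example.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml:AttributeValue>jane@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Constructed sample: the symptom from the question, NameID carrying the user_id.
BAD_ASSERTION = GOOD_ASSERTION.replace(
    'Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jane@example.com',
    'Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">auth0|1234123412341',
)

if __name__ == "__main__":
    for label, xml in (("good", GOOD_ASSERTION), ("bad", BAD_ASSERTION)):
        found = problems(check_name_id(xml))
        print(f"{label}: {'OK' if not found else '; '.join(found)}")
```

Run it against the assertion captured after the application type change: an empty finding list means the NameID is the email address as configured, while a user_id finding reproduces the symptom in the question and tells you the mapping change has not reached the assertion yet. Only feed it assertions whose signature the SP has already verified; the check is about attribute mapping, not authenticity.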
