SAML assertion changed when app changed business users (organization)

bezell · September 11, 2024, 8:05pm

We have an application we need to change from a basic individual type of login to a business user style (requires an organization first). The SAML configuration is very basic for the application and sends the SP the email address as the identifier:

{
  "mappings": {
    "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  },
  "createUpnClaim": false,
  "mapIdentities": false,
  "passthroughClaimsWithNoMapping": true,
  "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  ]
}

After the type changes, the assertion uses the user_id ("auth0|1234123412341) instead–ignoring the SAML configuration. What am I missing here? How do I force it back to the email address as the identifier?

Topic		Replies	Views
Where to normalize email in SSO SAML Enterprise Connections? Help connections , saml-enterprise-connection	1	21	November 4, 2024
Set Custom NameIdentifier Attribute in SAML Response from Auth0 Knowledge Articles saml-idp	1	9	October 29, 2024
Map SAML attributes to user_metadata attributes via action Help identifier-first , login-experience	3	1482	September 26, 2024
Email prefill not working for SAML application Help identifier-first , login-experience	4	34	September 30, 2024
Auth0 IdP-Initiated SSO between SPA and External (SP) Help sso , application	0	25	September 30, 2024

SAML assertion changed when app changed business users (organization)

Related Topics