SAML attribute visible in SAML response but missing from Auth0 user profile

I’m integrating Auth0 with a SAML Identity Provider. During testing, I can see a specific attribute in the SAML response XML (confirmed using a SAML tracing tool), but this attribute does not appear in the Auth0 user profile after login.

All other attributes from the same SAML response are correctly saved and visible in the Auth0 user object. Only this one property is missing.

Could you please help me understand why this attribute might not be stored or exposed by Auth0?
Specifically, I’d like to know:

  1. Whether Auth0 automatically maps all attributes in the SAML assertion or only a predefined set.

  2. How I can explicitly map this custom attribute so that it’s available in the Auth0 user profile.

I can share the relevant portion of the SAML response XML and the connection settings if that helps.

Hi @vikas.viswanathan

Thank you for reaching out to us!

Please allow me some time to research this issue and I will be back with information as soon as possible.

Best regards,
Gerald

Hi @vikas.viswanathan

Thank you for your patience on this matter!

Reading through your use case, it is a great start that Auth0 receives the SAML attribute (as you’ve confirmed via the tracing tool), but it is likely not amongst the standard attributes, so Auth0 does not automatically map it. In essence, the attribute is received, but as Auth0 is not told what to do with it, the result is that it gets ignored.

You will need to map it in order for it to appear on the user’s profile, for example to the user’s app_metadata. This can be achieved the following way:

  • Confirm the exact name of the attribute from the response (these are highly case-sensitive, therefore you need to ensure the exact name is being recorded). As an example, in the following response we are looking for the name value of the attribute corresponding to employee_id:

```xml
<saml:AttributeStatement>
  <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" ...>
    <saml:AttributeValue>test.user@example.com</saml:AttributeValue>
  </saml:Attribute>

  <saml:Attribute Name="urn:my-company:claims:employee-id" ...> <!-- this is what we need -->
    <saml:AttributeValue>E123456</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
```

  • In your Auth0 dashboard, go to Authentication → Enterprise, find your Connection and navigate to the Mappings tab;
  • In the JSON editor, you will need to create the mapping. For the above example, we will map the attribute to employee_id in the user’s app_metadata as such:

```json
{
  "app_metadata.employee_id": "urn:my-company:claims:employee-id"
}
```

  • Save the changes and perform the login once more for the new mappings to take effect, as these run during the login transaction.

Allow me to share some useful documentation on this matter:

Hope this helped!
Gerald
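
The name check described in the steps above can be scripted against a captured response before the next login attempt. This is an added example, not part of the original posts and not Auth0 code: it lists the exact attribute names in an AttributeStatement and flags mapping values that differ only by case or that the IdP never sent. The sample XML, the two extra mapping keys and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed sample modelled on the AttributeStatement shown above.
SAMPLE_XML = """
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
    <saml:AttributeValue>test.user@example.com</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="urn:my-company:claims:employee-id">
    <saml:AttributeValue>E123456</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
"""
# Constructed mappings: one exact, one with wrong case, one the IdP never sent.
SAMPLE_MAPPINGS = {
    "app_metadata.employee_id": "urn:my-company:claims:employee-id",
    "app_metadata.employee_id_bad": "urn:my-company:claims:Employee-ID",
    "app_metadata.department": "urn:my-company:claims:department",
}

def saml_attributes(xml_text):
    """Return {attribute Name: [values]} for every saml:Attribute found."""
    # A captured SAML message has no reason to carry a DTD; refuse it outright.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("unexpected DTD/entity declaration in SAML XML")
    attrs = {}
    for attr in ET.fromstring(xml_text).findall(".//saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs

def check_mappings(mappings, attrs):
    """Map each profile key to ('ok' | 'case-mismatch' | 'missing', detail)."""
    by_lower = {name.lower(): name for name in attrs}
    report = {}
    for profile_key, wanted in mappings.items():
        if wanted in attrs:  # exact, case-sensitive match
            report[profile_key] = ("ok", attrs[wanted])
        elif wanted.lower() in by_lower:  # same name, different case
            report[profile_key] = ("case-mismatch", by_lower[wanted.lower()])
        else:
            report[profile_key] = ("missing", None)
    return report

if __name__ == "__main__":
    for key, result in check_mappings(SAMPLE_MAPPINGS, saml_attributes(SAMPLE_XML)).items():
        print(key, result)
```

A `case-mismatch` result returns the name exactly as the IdP sent it, which is the string to paste into the Mappings editor.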

Hi Gerald,

Thank you for the good explanation. It has solved my first issue. This is how my mappings look now.

I have a follow-up question: the IdentityProvider parameter is being stored permanently in Auth0’s user profile. Is there a way to store it only for the active session so that it’s deleted once the user logs out?