I’ve got a question rather than bug or problem. Recently I played with single sign-on or more specifically with SAMLP enterprise integration. That works beautifully what I noticed is that when a user authenticates on external website and is redirected to Auth0 SAML endpoint Auth0 creates a genuine user record where we can map attributes from SAML response like email, given name and so on. There is even an option to synchronise user attributes in Auth0 with attributes in a source system on each user login. That obviously creates duplicated records - one in a source system and the same mirrored in Auth0. That surprised me - I thought that whole concept of federated access is that we don’t need to duplicate user details in our system. So the question is: Is it a common practice in world of SSO that duplicated user record is created and maintained in a federated system?