SAML User with IdP-Initiated is Not Sending the Email in the ID Token

Problem statement

The SAML user's profile contains an email address, but when the user logs in through the IdP-initiated flow, the ID token that is issued does not contain the email claim. The same user gets the email claim when logging in through the SP-initiated flow.

Solution

The Query String configured for the IdP-initiated flow (Dashboard > Authentication > Enterprise > SAML > select the specific SAML connection (tinuiti in this case) > IdP-initiated SSO tab > IdP-initiated SSO Behavior > Query String) must include the protocol-specific parameters the application expects, such as scope, response_type, redirect_uri, and audience. These values should match the ones the application sends in its own /authorize request during an SP-initiated flow; in particular, redirect_uri must be one of the application's Allowed Callback URLs, or the IdP-initiated login will fail.

The email claim is only added to the ID token when the email scope is among the requested scopes (as with any OIDC login, the ID token contains only the claims the requested scopes allow). If the Query String omits scope, or requests only openid, the email is left out even though it is present on the user profile.

Because the value is part of a query string, the spaces between scopes must be percent-encoded. For example:

scope=openid%20email%20profile
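As an added example (not Auth0's code or part of the original article), the following Python builds a correctly encoded Query String value for the IdP-initiated SSO setting and then inspects a returned ID token to confirm that the email claim is present. The redirect_uri, audience and sample claims are placeholders; the sample token is constructed locally with an HS256 secret purely so the check has something to run against. The claim inspection deliberately does not validate the signature, so it is a diagnostic for this support case, not a substitute for proper ID token validation in the application.

```python
"""Build the IdP-initiated SSO query string and check an ID token for 'email'.

Added example, not Auth0 code. redirect_uri, audience and the sample
token below are constructed placeholders.
"""
import base64
import hashlib
import hmac
import json
from urllib.parse import parse_qs, quote, urlencode


def build_idp_initiated_query(redirect_uri, audience,
                              scope=("openid", "email", "profile"),
                              response_type="id_token"):
    """Return the value to paste into the IdP-initiated SSO 'Query String' field.

    quote_via=quote percent-encodes spaces as %20 (the default quote_plus
    would emit '+'), so 'openid email profile' becomes
    'openid%20email%20profile'.
    """
    params = {
        "scope": " ".join(scope),
        "response_type": response_type,
        "redirect_uri": redirect_uri,   # must be in Allowed Callback URLs
        "audience": audience,
    }
    return urlencode(params, quote_via=quote)


def scope_includes_email(query_string):
    """True if the decoded scope parameter contains the 'email' scope."""
    scopes = parse_qs(query_string).get("scope", [""])[0].split()
    return "email" in scopes


def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text):
    padding = "=" * (-len(text) % 4)
    return base64.urlsafe_b64decode(text + padding)


def make_sample_id_token(claims, secret):
    """Constructed HS256 JWT used only to exercise the checks below."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}".encode()
    signature = hmac.new(secret.encode(), signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(signature)}"


def id_token_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature.

    Diagnostic only: use it to see which claims came back. Never treat the
    result as authenticated; the application must validate the token.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(_b64url_decode(parts[1]))


def token_has_email(token):
    """True if the ID token carries a non-empty 'email' claim."""
    return bool(id_token_claims(token).get("email"))


if __name__ == "__main__":
    query = build_idp_initiated_query("https://app.example.com/callback",
                                      "https://api.example.com")
    print("Query String:", query)
    print("requests email scope:", scope_includes_email(query))

    # Token as it would look after the fix (email scope requested).
    fixed = make_sample_id_token({"sub": "samlp|idp|alice",
                                  "email": "alice@example.com"}, "demo-secret")
    # Token as in the problem statement (no email scope, so no email claim).
    broken = make_sample_id_token({"sub": "samlp|idp|alice"}, "demo-secret")
    print("fixed token has email:", token_has_email(fixed))
    print("broken token has email:", token_has_email(broken))
```

Paste the output of build_idp_initiated_query into the Query String field, then run id_token_claims on the ID token the application receives from the IdP-initiated login to confirm the email claim is now present.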