I have found a big mistake in my question, a confirmation, and a solution.
The big mistake is stating the information from the third-party IDP is not saved. It is saved in the user profile (out of the metadata fields). It can be seen in the “Identity Provider Attributes” section of the user details, as well as in the “Raw JSON” section.
I have been able to confirm that this information cannot be retrieved via actions via event.user.["https://namespace/claim"]
It can however be used in rules via user.["https://namespace/claim"]
The solution is to use rules instead of actions (in this case, while actions do not enable this functionality).
PS: in case you find it strange that the IDP claims are stored replacing dots with colons (just like me), check this thread.