Setup help for Auth0 with Palo Alto Global Protect

Hi @elliott.peeler

Apologies for the late reply. One of the causes can indeed be incorrect attribute mapping for the username, as you have mentioned. Based on the described behaviour, it can mean that the SP (Global Protect) receives the SAML assertion from Auth0 (IdP); however, it cannot identify the user and then stops the connection.

While we currently do not offer a guide for specifically integrating Global Protect with Auth0, this should still follow general SAML principles and requirements. In the Addons tab within your application page, go to the SAML2 Web App and configure the mapping for the username attribute. Depending on what GP recognises, let's say they go with "username", this should be mapped similarly to: "username": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name". This way, Auth0 will send an attribute called "username" to the SP that corresponds to the "name" attribute within Auth0.

The following documentation should help to Configure Auth0 as SAML Identity Provider with general steps; adding to this, the Customize SAML Assertions and Map SAML Attributes with Auth0 as IdP/SAML Add-on should help with general Attribute Mapping issues.

This should hopefully fix the issue, but let us know if anything else comes up!

Have a great one,
Gerald
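
To confirm what the SP actually receives before and after changing the mapping, the sketch below (an added example, not part of the reply above and not Auth0 or Palo Alto code) lists the NameID and attribute names in a base64 `SAMLResponse` taken from the browser's POST to the SP, and reports whether the attribute the SP looks up is present. It assumes an unencrypted assertion; the sample response, the function names and the expected name "username" are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample response (unsigned, trimmed); not captured from a real tenant.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID>auth0|0000example</saml:NameID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
        <saml:AttributeValue>jdoe@example.com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def summarize_assertion(saml_response_b64):
    """Return (NameID, {attribute name: [values]}) from a base64 SAMLResponse."""
    # Diagnostic only: no signature or condition checks. Use on your own captures.
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    name_id = root.findtext(".//saml:Assertion/saml:Subject/saml:NameID", namespaces=NS)
    attrs = {}
    for attr in root.iterfind(".//saml:Assertion/saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return name_id, attrs


def check_username_attribute(saml_response_b64, expected_name):
    """Report whether the attribute name the SP is configured to read is sent and non-empty."""
    name_id, attrs = summarize_assertion(saml_response_b64)
    values = [v for v in attrs.get(expected_name, []) if v.strip()]
    return {"name_id": name_id, "present": bool(values), "values": values,
            "attribute_names_sent": sorted(attrs)}


if __name__ == "__main__":
    # "username" is the hypothetical attribute name the SP expects.
    print(check_username_attribute(SAMPLE_B64, "username"))
```

If `present` is false, compare `attribute_names_sent` with the username attribute configured on the SP side; a mismatch there matches the behaviour described in the reply.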