SSO Active Directory Federation Design

Hello community, we are discussing about a new IDP technology on our company, and of course, Auth0 is inside our possibilities.
Here is the particular scenario we have to achieve:

  • A database has many accounts that ‘represent’ same user but their email is smth like ‘user1+suffix’
  • Some applications only recognise users according this ‘user1+suffix’ email. They dont have the ability of recognise users without suffix or similar thing (and they dont want to change that at least for the moment)
  • They want to start using federation so the user does not need to ‘remember’ this differents email accounts.

I was thinking in the following scenario, but IDK if its possible to achieve in Auth0:

-app auth on openid code flow

  • first screen asks for what is the required suffix
  • redirects and do the saml flow
  • once the saml flow is done we can take the email, add the suffix
  • match the user on the db and return the token with the email with suffix

is it possible to achieve this with auth0? do you have any different design for this use case?

PS: we can not change the users or data modeling unfortunatelly