Sub formatting in the JWT ID Token for Enterprise Connections

Hello,

I’m looking to get more information on the exact structure that auth0 formats the sub (user_id) in the incoming callback in the JWT ID token once a user is authenticated in auth0.

For example the auth0 database format is: auth0|xxxxx
A google social connection is: google-oauth2|xxxxx

This is pretty standard. However now I want to set up a self serve SSO and want to be able to decipher the connection using the incoming sub.
When I create a custom SAML connection the sub of the user has the format:
samlp|connection-name|user-id-from-idp.
I can see the same is the case for custom oidc:
oidc|connection-name|user-id-from-idp.

I would like to know how the subs in the other Identity Provider types would be formatted for each of the options in the self serve SSO flow (see image).

Thanks in advance!

Hi @nadia.zyborska

Welcome to the Auth0 Community!

You can view these values under our documentation about Enterprise Connections. To save you a bit of time, they would be:

  • ad (Active Directory/LDAP)
  • adfs (ADFS)
  • auth0-adldap
  • google-apps (Google Workspace)
  • ip
  • office365
  • oidc (OpenID Connect)
  • pingfederate (PingFederate)
  • samlp (SAML)
  • sharepoint
  • waad (Microsoft Azure AD)

Hope this helps! If you have any other questions, feel free to let me know!

Kind Regards,
Nik

Amazing, thanks @nik.baleca!
Am I correct in thinking that for each of these Enterprise connections, a new connection will be created in auth0 and the name would be included in the sub with the following format:
enterprise-connection-strategy|connection-name|idp-user-id for each of the enterprise connections?

Hi again!

Yes, that is right!

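A sketch of splitting a `sub` along the formats discussed in this thread, as an added example that is not code from any participant or from Auth0. `parseSub` is a hypothetical helper; it assumes the `sub` comes from an ID token whose signature was already verified, and that a connection name never contains `|`.

```javascript
// Enterprise strategy prefixes as listed in the reply above.
const ENTERPRISE_STRATEGIES = new Set([
  "ad", "adfs", "auth0-adldap", "google-apps", "ip", "office365",
  "oidc", "pingfederate", "samlp", "sharepoint", "waad",
]);

// Hypothetical helper: split a `sub` taken from an already verified ID token.
function parseSub(sub) {
  if (typeof sub !== "string") throw new TypeError("sub must be a string");
  const first = sub.indexOf("|");
  if (first <= 0) throw new Error("sub has no strategy prefix");
  const strategy = sub.slice(0, first);
  const rest = sub.slice(first + 1);

  if (!ENTERPRISE_STRATEGIES.has(strategy)) {
    // Database / social form from the question: strategy|user-id
    if (rest === "") throw new Error("sub has an empty user id");
    return { strategy, connection: null, userId: rest, enterprise: false };
  }

  // Enterprise form: strategy|connection-name|idp-user-id.
  // Split only at the second separator so a "|" inside the IdP's
  // user id stays part of userId (assumption: none in connection names).
  const second = rest.indexOf("|");
  if (second <= 0 || second === rest.length - 1) {
    // Fail closed instead of guessing which part is missing.
    throw new Error("enterprise sub is missing connection name or user id");
  }
  return {
    strategy,
    connection: rest.slice(0, second),
    userId: rest.slice(second + 1),
    enterprise: true,
  };
}

// Constructed sample values, not taken from a real tenant.
const samples = [
  "auth0|5f7c8ec7c33c6c004bbafe82",
  "google-oauth2|103547991597142817347",
  "samlp|acme-saml|jane@example.com",
  "oidc|acme-oidc|00u1abc|legacy",
];
for (const s of samples) console.log(s, "=>", parseSub(s));
```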