I know users for sure were able to log in, but I wasn’t able to find the logs. Users are on a SAML Enterprise connection. I tried different queries and could not find the login events.
- Find the user and check the connection type they are on
- Check profile attributes include the searched for terms, and the attribute should be searchable attributes
- Check mapping settings for connection
If a user is missing profile information, either due to it not being sent by the Enterprise IdP or incorrect mapping, the searched for fields may not be populated and it will not be possible to find the login events in logs for that user due to the missing field.
You could enable the debug mode on the connection and inspect a successful login event for a sample user to check what was sent in the SAML response from the IdP. With debug enabled, this will be added to the log details. Alternatively, if you have a test account with the SAML IdP, you could perform a login and inspect the SAML response sent to your tenant’s callback endpoint in the browser’s network tab.
You can decode the SAML response here:
Based on what is sent by the IdP, you can modify the mappings as needed to pull any additional information into the Auth0 profile and make it easier to locate users by populating searchable fields with relevant information from the IdP.