Hi @OliJ,
Thanks for your update.
I have checked your settings and everything you have shared with me looks good.
At this point, I’d suggest using the Real-time Webtask Logs Extension to confirm that your Post Login Action script is executing inside the if-conditional statement. You could also use console.log() statements to verify the user_metadata values being read.
Finally, please take a look at this knowledge solution for a complete reference for mapping user_metadata/app_metadata into claims in the SAML response.
Thanks,
Rueben