
User Profile Identity Provider Attributes don't update once created

#1

Hi Everyone,
I’m trying to pass some custom attributes down from Okta. The connection has been set up as SAML between Auth0 and Okta. I initially thought the custom attributes weren’t working, as I was using a User that had already signed in before I created the custom attributes. Using the Try button on my connection caused my User to refresh, so I received the new attributes. Ideally, these attributes would update on every login. The reason for this is I’m passing down Okta groups, which I’m then using an Auth0 rule to filter through and assign roles to an application.

Is it possible to get Identity Provider Attributes on a User Profile to update on every login? If not, can an Auth0 rule get the latest values and assign them to User app_metadata or user_metadata? If not, how would you pass information down on every login?
Thanks
Jason

#2

So after speaking to Auth0 support it turns out that Identity Provider Attributes update when a new Auth0 session is needed. Auth0 sessions last quite a while, unless your app is actually signing users out:

https://domain.auth0.com/v2/logout?client_id=XXX&returnTo=XXX

You can control the session timings under Tenant Settings (click profile picture and select settings) -> Advanced -> Log In Session Management, but these are global, not per app.

Although Auth0 recommend against IdP-Initiated SSO flow - for me coming from a User’s Okta Dashboard - this always triggers a new session, therefore updating the details on every login.

Hopefully this ends up helping someone else.

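For the group-to-role rule discussed in this thread, here is an added example (not code from any poster or from Auth0) that recomputes roles from the IdP groups on every run, so nothing stale is carried over once the profile refreshes. It uses the Rules signature `function (user, context, callback)`; the `user.groups` attribute name, the group and role names, and the claim namespace are assumptions.

```javascript
// Added example. Assumes the SAML connection maps the Okta group list to
// `user.groups`; group names, role names and the namespace are hypothetical.
const GROUP_TO_ROLE = new Map([
  ["okta-app-admins", "admin"],
  ["okta-app-editors", "editor"],
]);
const ROLES_CLAIM = "https://example.com/roles"; // constructed namespaced claim

function mapGroupsToRoles(user, context, callback) {
  // A SAML attribute with a single value can arrive as a string, not an array.
  const raw = user.groups;
  const groups = Array.isArray(raw) ? raw : typeof raw === "string" ? [raw] : [];

  // Allowlist lookup: any group not in the map grants nothing.
  const roles = [...new Set(
    groups
      .filter((g) => typeof g === "string" && GROUP_TO_ROLE.has(g))
      .map((g) => GROUP_TO_ROLE.get(g))
  )].sort();

  // Derive roles from the current profile only; do not merge with roles
  // saved earlier, so a group removed in Okta is dropped as soon as the
  // identity provider attributes on the profile are refreshed.
  context.idToken = context.idToken || {};
  context.idToken[ROLES_CLAIM] = roles;
  callback(null, user, context);
}
```

The roles emitted are only as fresh as the profile attributes, which per the reply above update when a new Auth0 session is created.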
#3

Thanks a lot @jasonagnew for sharing it with the rest of the community!