I’m using a SAML enterprise connection. I noticed that user profiles for users that have logged in via this connection don’t have the right user names. Instead of the user’s name, the name in the profile is populated with an email address.
The SAML connection has the following field mappings:
I’ve looked at the connection’s debug logs, and I see that the http://schemas.microsoft.com/identity/claims/displayname field does have the expected user name. Auth0’s docs say that the profile should be updated automatically whenever a user logs in through the connection, but I’m not seeing the user name getting updated to match.
Welcome to the Auth0 Community! Great to have you on board.
I will run through an overview of my process implementing your use case; you can check against yours to see if you missed anything. At first glance your mapping prefix URLs are all different and this is unexpected; usually they will all be consistent, but let’s review.
The key thing on this is to take a look at what is in your SAML response. If you do a login against your SAML connection and have the browser dev tools open to see the network calls, there will be a POST against the ACS URL configured on your IdP like the below:
As you can see the SAML response is within the payload. If you copy this into https://samltool.io/ you’ll be able to see the attributes in the SAML response clearly.
In my test you can see what my IdP is configured to send, I included an additional full name attribute for illustration purposes.
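The decoding step described in the reply above can also be done locally. This is an added example, not part of the original posts: it decodes the `SAMLResponse` form field from the POST to the ACS URL and lists the attribute names the IdP sent. The sample response, user and values are constructed, and an unencrypted assertion is assumed.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import quote, unquote

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample response (hypothetical user, no signature) for illustration.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject><saml:NameID>jane@example.com</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.microsoft.com/identity/claims/displayname">
        <saml:AttributeValue>Jane Doe</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
        <saml:AttributeValue>jane@example.com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
# The form field as copied from the dev tools payload: base64, then URL-encoded.
SAMPLE_FIELD = quote(base64.b64encode(SAMPLE_XML.encode()).decode(), safe="")

def saml_attributes(saml_response_field):
    """Return (NameID, {attribute name: [values]}) from a SAMLResponse form value."""
    # unquote() is a no-op if the value was already URL-decoded (base64 has no '%').
    xml_bytes = base64.b64decode(unquote(saml_response_field))
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD/entity declarations are not expected in a SAML response")
    root = ET.fromstring(xml_bytes)
    if root.find(".//saml:EncryptedAssertion", NS) is not None:
        raise ValueError("assertion is encrypted; attributes are not readable here")
    name_id = root.findtext(".//saml:Assertion/saml:Subject/saml:NameID", namespaces=NS)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return name_id, attrs

if __name__ == "__main__":
    name_id, attrs = saml_attributes(SAMPLE_FIELD)
    print("NameID:", name_id)
    for name, values in attrs.items():
        print(f"{name} -> {values}")
```

The attribute names printed are the exact strings to compare against the connection's field mappings.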
Unfortunately I’m not able to use the browser console to view the SAML response directly, as these are users outside my organization who are logging in to my application using their own IdP. Instead, I have been using Debug Mode on the connection, and looking at connection logs as described here: Troubleshoot SAML Configurations
I enabled debug mode on the SAML connection
Found a Success Login log entry
Looked at the original_profile property on the log entry
Within the original_profile value, I see there is a mapping from "http://schemas.microsoft.com/identity/claims/displayname" to the expected display name