When Auth0 is the , you can map user attributes through Auth0’s SAML2 add-on. Errors could occur if attributes are misconfigured. For example, a user enters username and password successfully, but fails to sign in to the application even though logs in the show successful login events. Or, your application is missing user information such as name or email.

Use cases

The user profile below is the example for the following scenarios. 
//SAMPLE IdP User Profile
{
   "created_at": "2021-06-21T13:26:08.579Z",
   "email": "testuser@example.com",
...
   "fav_genre": "fiction",
   "user_metadata": {
       "fav_streaming_service": "hulu"
   }
...
}

No mappings object

When using the SAML2 add-on, an empty mappings object generates by default. In this example, fav_genre and user_metadata.fav_streaming_service are undefined but can be customized and mapped to the Response populated by Auth0. In the example below, "fav_genre": "fiction" gets mapped to the  http://schemas.auth0.com/fav_genre attribute in the SAML Response with the fiction value while"user_metadata": {"fav_streaming_service": "hulu"} does not appear in the SAML response at all. Resulting SAML Response that the IdP sends: 
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_e30cb5f29249a82846eb" InResponseTo="_e33996d83f953ce46225185b3a1c0ad8" Version="2.0" IssueInstant="2021-11-03T21:34:42.493Z" Destination="https://example-dev-tenant.us.auth0.com/login/callback">
...
       <saml:AttributeStatement xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
           <saml:Attribute Name="http://schemas.auth0.com/fav_genre" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
               <saml:AttributeValue xsi:type="xs:string">
                   fiction
               </saml:AttributeValue>
           </saml:Attribute>
...
       </saml:AttributeStatement>
   </saml:Assertion>
</samlp:Response>

Standard mappings example

In the earlier example, not customizing the mappings object resulted in a http://schemas.auth0.com/fav_genre attribute in the SAML Response with the "fiction" value. Next, map the attributes in the Mappings Object of the SAML2 add-on settings to account for that. After doing so, notice how the "fiction" value is the same in the SAML Response, but the attribute name in the SAML Response has been changed from the default http://schemas.auth0.com/fav_fiction to http://schemas.auth0.com/books. Configuring the SAML2 add-on mappings object: 
"mappings": {
   "fav_genre": "http://schemas.auth0.com/books"
 }
This mapping results in the following response: 
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_e30cb5f29249a82846eb" InResponseTo="_e33996d83f953ce46225185b3a1c0ad8" Version="2.0" IssueInstant="2021-11-03T21:34:42.493Z" Destination="https://example-dev-tenant.us.auth0.com/login/callback">
...
       <saml:AttributeStatement xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
           <saml:Attribute Name="http://schemas.auth0.com/books" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
               <saml:AttributeValue xsi:type="xs:string">
                   fiction
               </saml:AttributeValue>
           </saml:Attribute>
...
       </saml:AttributeStatement>
   </saml:Assertion>
</samlp:Response>

Mapping the same value to multiple attributes

There may be scenarios where mapping the SAML Response to multiple attributes with the same value is required. In this case, there is the option to map the same value from the user profile to multiple attributes in the SAML Response. How to configure the SAML2 add-on mappings object: 
"mappings": {
   "fav_genre": [
     "http://schemas.auth0.com/movies",
     "http://schemas.auth0.com/books",
     "http://schemas.auth0.com/television"
   ]
 }
This mapping results in the following response: 
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_e30cb5f29249a82846eb" InResponseTo="_e33996d83f953ce46225185b3a1c0ad8" Version="2.0" IssueInstant="2021-11-03T21:34:42.493Z" Destination="https://example-dev-tenant.us.auth0.com/login/callback">
...
       <saml:AttributeStatement xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
           <saml:Attribute Name="http://schemas.auth0.com/movies" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
               <saml:AttributeValue xsi:type="xs:string">
                   fiction
               </saml:AttributeValue>
           </saml:Attribute>
           <saml:Attribute Name="http://schemas.auth0.com/books" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
               <saml:AttributeValue xsi:type="xs:string">
                   fiction
               </saml:AttributeValue>
           </saml:Attribute>
           <saml:Attribute Name="http://schemas.auth0.com/television" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
               <saml:AttributeValue xsi:type="xs:string">
                   fiction
               </saml:AttributeValue>
           </saml:Attribute>
...
       </saml:AttributeStatement>
   </saml:Assertion>
</samlp:Response>