How to configure Auth0 as SAML IdP

Note: first_name and give_name are root attributes of an Auth0 user; they can only be set when the user is created via the Auth0 Management API. As of this writing, these attributes cannot be updated afterward.

Instead, the user_metadata section of the user profile is used to specify any additional user information.




1) Modify an existing Client or create a new one.


2) Under the Addons tab of the Client, enable the SAML2 Web App toggle.


Configure the following on the SAML2 Addon Settings tab:

Application Callback URL:

SAML Configuration: 

  "audience": "",
  "mappings": {
  "createUpnClaim": false,
  "passthroughClaimsWithNoMapping": false,
  "mapUnknownClaimsAsIs": false,
  "mapIdentities": false,
  "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
  "nameIdentifierProbes": [



3) Download the Identity Provider Metadata XML

The download link will be under the SAML2 Addon Usage tab. The downloaded file will be uploaded to Datadog during SAML configuration.


4) Create a Rule to map the name attributes

Replace the sample code with:

function (user, context, callback) {
  // Map SAML attribute names to fields in the user's user_metadata
  context.samlConfiguration.mappings = {
    "urn:oid:": "user_metadata.firstname",
    "urn:oid:": "user_metadata.lastname"
  };

  callback(null, user, context);
}




