How can i reproduce this login-pattern in Actions V2?

I am using Zitadel as a SP in with a SAML external identity provider where users does not have any email, and user info is stored strange attributes.

I am using a actions v1 etup inspired by this: https://zitadel.com/docs/guides/integrate/identity-providers/mocksaml#optional-add-zitadel-action-to-autofill-userdata

However i have problems replicating this in actions v2.

Since we do not have an email for the user in actions v1 i configure a fake email. It works as intended.

But with actions v2 no action is run before i get the following response from zitadel (login v1)
"Email is empty (EMAIL-spblu)"

So i have no way of replicating this scenario in v2.

ZITADEL Docs

MockSAML is not intended for any production environment, only for test purposes

Ask Inkeep•12/8/25, 10:32 PM

Hi @enongio, I'm an AI assistant for ZITADEL. While a team member reviews this question, I'll see if I can find relevant sources for your question.

Ask Inkeep•12/8/25, 10:32 PM

Answer

I wasn’t able to find a direct, documented way to reproduce this exact “fake email before validation” pattern with Actions V2.

Here are some relevant sources that might help you reason about options and constraints:

[Code examples] [(1) ](<https://zitadel.com/docs/apis/actions/code-examples>) : Shows multiple Actions V2 examples for SAML IdPs (e.g. `post_auth_saml.js`, `okta_saml_prefil_register_form.js`, `entra_id_saml_prefil_register_form.js`, `org_metadata_attribute.js`) that demonstrate how to map SAML attributes and manipulate user data and SAML responses, but they all assume that required fields like email are already available or mappable from attributes.
[Authenticate users with SAML] [(2) ](<https://zitadel.com/docs/guides/integrate/login/saml>) : Explains ZITADEL’s SAML SP behaviour and the SAML flows, but does not describe a mechanism to bypass or defer email validation until after an Action V2 runs, nor how to allow users without an email attribute.

Given the lack of an explicit hook before the “Email is empty” validation in the available material, I can’t see a documented way to fully replicate your Action V1 pattern with V2 based solely on these sources.

If you want, I can try to give a more general, non‑document‑backed suggestion (e.g. possible workarounds or patterns) – or you can click “Ask for help” so a ZITADEL team member can jump in and confirm current behaviour and options.

Ask Inkeep•12/8/25, 10:32 PM

To learn more, see the sources I considered:

[1] Code examples
[2] Authenticate users with SAML

Ask Inkeep•12/8/25, 10:32 PM

Feel free to tag @Ask Inkeep with additional questions.