Okta/Zitadel SAML: Email is empty (EMAIL-spblu) when the user does not exist and auto-creation is enabled
Hi, I am trying to integrate the Okta IDP with Zitadel via SAML. I did everything according to the documentation: https://zitadel.com/docs/guides/integrate/identity-providers/okta-saml
affected versions: v2.67.2 and v2.71.19
helm chart version: 8.13.1
SAML IDP configuration
- Automatic creation
- Automatic update
- Account creation allowed (manually)
- Account linking allowed (manually)
Okta returns XML with the required attributes (I added more attributes on the Okta side to debug)
- givenname
- surname
- emailaddress
- email
- nameID
- groups
Mapping script I used in Flow: External Authentication, Trigger: Post authentication
Script content taken from here: https://zitadel.com/docs/guides/integrate/identity-providers/okta-saml#add-action-to-map-user-attributes
I tried to change the script in the same flow and trigger to throw an error to check whether the script is running, but it looks like the script is not running, as after changing the script I get the same error:
EMAIL-spblu
It works perfectly when the user is already present in Zitadel, but it fails to create the user if it doesn't exist, with this error in the UI:
EMAIL-spblu
I didn't find any useful logs in the Zitadel containers with the info/debug logger set.
Please suggest what I can do/check to be able to auto-create users in Zitadel using the Okta SAML IDP.
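One way to make the mapping step itself report a missing email, as an added example that is not from the original report, from the Zitadel project, or from the script in the linked docs. The shape of the Zitadel action API used here (ctx.v1.externalUser.attributes as the SAML attribute map, and the api.setEmail, api.setEmailVerified, api.setFirstName, api.setLastName and api.setPreferredUsername setters) is an assumption taken from memory of the Zitadel action docs and should be checked against the version you run; the sample attributes and the fake api object are constructed for the example.

```javascript
// Added example: Post Authentication action for the External Authentication flow.
// The ctx/api names below are assumptions about the Zitadel action API, not
// verified against a specific Zitadel release.

// Okta can send attributes under short names (as in the report) or under full
// claim URIs; accept both spellings so a renamed attribute does not silently
// leave the field empty.
const CLAIM_URI = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/";

// Return the first non-empty value found under any of the given names.
function firstValue(attributes, ...names) {
  for (const name of names) {
    for (const key of [name, CLAIM_URI + name]) {
      const v = attributes[key];
      if (Array.isArray(v) && v.length > 0 && typeof v[0] === "string" && v[0].trim() !== "") {
        return v[0].trim();
      }
      if (typeof v === "string" && v.trim() !== "") {
        return v.trim();
      }
    }
  }
  return undefined;
}

// Pure helper: derive the user fields from the SAML attributes and fail loudly
// when no email is present, so the problem is reported from inside the action
// (with the attribute keys that were actually received) instead of surfacing
// later as an empty email.
function extractUserFields(attributes) {
  const email = firstValue(attributes, "email", "emailaddress", "mail");
  if (!email) {
    throw new Error(
      "SAML assertion carries no email attribute; received keys: " +
        Object.keys(attributes).join(", ")
    );
  }
  return {
    email: email,
    firstName: firstValue(attributes, "givenname", "firstName") || "",
    lastName: firstValue(attributes, "surname", "lastName") || "",
    username: firstValue(attributes, "nameID", "login") || email,
  };
}

// The entry point Zitadel would call (setter names assumed, see above).
function mapUser(ctx, api) {
  const fields = extractUserFields((ctx.v1.externalUser && ctx.v1.externalUser.attributes) || {});
  api.setEmail(fields.email);
  // Marking the email verified trusts Okta's assertion; use false if you want
  // Zitadel to run its own verification for auto-created users.
  api.setEmailVerified(true);
  api.setFirstName(fields.firstName);
  api.setLastName(fields.lastName);
  api.setPreferredUsername(fields.username);
  return fields;
}

// Constructed sample matching the attribute names listed in the report.
const SAMPLE_ATTRIBUTES = {
  givenname: ["Alice"],
  surname: ["Example"],
  emailaddress: ["alice@example.com"],
  nameID: ["alice"],
  groups: ["Everyone"],
};

// Minimal fake of the api object that records the setter calls, so the
// mapping can be exercised outside Zitadel.
function recordingApi() {
  const calls = {};
  const api = {};
  for (const name of ["setEmail", "setEmailVerified", "setFirstName", "setLastName", "setPreferredUsername"]) {
    api[name] = (value) => { calls[name] = value; };
  }
  api.calls = calls;
  return api;
}

// Run the mapping on the constructed sample and return what was set.
function demo() {
  const api = recordingApi();
  mapUser({ v1: { externalUser: { attributes: SAMPLE_ATTRIBUTES } } }, api);
  return api.calls;
}

console.log(demo());
```

If an action that throws like this still produces the same error in the UI with no trace of the message, the action is not being reached for the auto-creation path at all, so the flow and trigger binding (and whether the action is marked as allowed to fail, which would swallow the exception) are the next things to check.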
