Mapping Custom Attributes From a Custom Azure AD SAML Connection
This article explains how to map custom attributes from a Microsoft Azure Active Directory (Azure AD) Security Assertion Markup Language (SAML) connection to an Auth0 user profile. The process involves defining the claims in Azure AD and then creating corresponding mappings in the Auth0 SAML connection settings.
- Custom SAML Connections
- Microsoft Azure Active Directory (Azure AD)
- Attribute Mapping
- Enterprise Connections
To map custom attributes from a SAML identity provider like Azure AD to Auth0, claims must first be defined on the Azure AD side and then mapped to the desired Auth0 user profile attributes in the Auth0 connection settings.
Step 1: Define Custom Claims in Azure AD
First, configure the claims that will be sent in the SAML assertion from Azure AD.
- Navigate to the Azure Portal.
- Go to Enterprise Applications and select the SAML application used for the connection.
- Select Single Sign-On and go to the Attributes & Claims section.
- Add or edit claims to include the custom attributes to be sent to Auth0. For each claim, define a namespace and name, and select the source user attribute (e.g., user.companyname).
Step 2: Configure Attribute Mapping in Auth0
Next, configure the SAML enterprise connection in Auth0 to correctly interpret the incoming claims from Azure AD.
- Navigate to the Auth0 Dashboard.
- Go to Authentication > Enterprise and select SAML.
- Choose the custom SAML connection for Azure AD.
- Under the Settings tab, enable the Sync user profile attributes at each login toggle. This ensures that user attributes are updated with every login.
- Scroll down to the Mappings section.
- In the mappings field, define the relationship between the incoming SAML claim and the desired Auth0 user profile attribute. The key on the left is the full claim name from Azure AD, and the value on the right is the target attribute name in the Auth0 user profile.
Example Mapping:
To map the Azure AD claim http://schemas.xmlsoap.org/ws/2005/05/identity/claims/companyname to an Auth0 attribute named company_name, the mapping would be:
{
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/companyname": "company_name"
}
If no mapping is provided, Auth0 will still create the attribute, but it will derive the name from the last part of the claim's namespace (e.g., companyname). After a user signs in through this connection, the newly mapped attribute will be visible in the root of their Auth0 user profile.
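The following added example (not Auth0's own code) simulates how the mapping above is applied to the AttributeStatement of an incoming assertion, including the fallback naming described in this article for claims that have no mapping entry. The assertion is a constructed sample, not a real Azure AD assertion, and the Auth0 behaviour is modelled only as far as the article describes it.

```python
import json
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Mapping from the article: full Azure AD claim name -> Auth0 profile attribute.
MAPPINGS = json.loads("""{
  "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/companyname": "company_name"
}""")

# Constructed sample assertion (not a real Azure AD assertion). The second
# claim deliberately has no mapping entry to exercise the fallback naming.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/companyname">
      <saml:AttributeValue>Example Corp</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/department">
      <saml:AttributeValue>Security</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def default_attribute_name(claim_name: str) -> str:
    """Fallback described in the article: the last segment of the claim URI."""
    return claim_name.rstrip("/").rsplit("/", 1)[-1]


def extract_claims(assertion_xml: str) -> dict:
    """Read every Attribute in the AttributeStatement into {claim_name: value}."""
    root = ET.fromstring(assertion_xml)
    claims = {}
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", SAML_NS)]
        # Multi-valued attributes are kept as a list; single values are unwrapped.
        claims[attr.get("Name")] = values[0] if len(values) == 1 else values
    return claims


def apply_mappings(claims: dict, mappings: dict) -> dict:
    """Build the root-level profile attributes: mapped name if present, else fallback."""
    profile = {}
    for claim_name, value in claims.items():
        target = mappings.get(claim_name) or default_attribute_name(claim_name)
        profile[target] = value
    return profile


if __name__ == "__main__":
    print(apply_mappings(extract_claims(SAMPLE_ASSERTION), MAPPINGS))
```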