JIT user provisioning error with SAML IDP

I’m having trouble with a SAML IDP setup in my okta dev account.
I can login fine with a user that exists in both okta and the IDP, but when I try to login with a new user from the IDP that is not in Okta, the JIT user provisioning always fails.

It shows errors in the dashboard saying “Create okta user failure”
and
user.lifecycle.create (id: unknown)

I’ve tried playing with the profile mappings, but nothing seems to work. I don’t know why it says the id is unknown, when it is able find and log the id from the SAML response.

Hi @grumpymatt

Can you please check that firstName, lastName and email are sent in the assertion from the identity provider and mapped correctly in order for the user to be created in Okta?

Yes, that worked. I had mapped email, but not firstName and LastName.

I feel the like the saml IDP docs should note the required fields somewhere. Maybe I missed that.

Thanks