SAML assertion UserID

For some reason the Okta SAML assertion returns the user email as NameID even when the “Persistent” type is selected.
The user email is not really an immutable property and can be renamed, for example. So we need a more “persistent” user ID instead, like the Okta user ID (which is BTW correctly returned by the OpenID connector).

Any ideas on how to get the user ID through SAML auth?

On the Sign On tab you can change the mapping (including custom where you can use expression language):



Sorry, can you please clarify whether you mean the “Application username” dropdown?
Setting it to “okta username” didn’t help.
I still don’t see a userID similar to this one (00u25f75zPX9RN32c4x6) anywhere …

Hi @Pett

Please navigate in your Okta administrative dashboard to Users/Directory >> Profile Editor >> your application >> Mappings >> Okta to your application >> and, for the section Username is set by *your application*, press Override with mapping and add the following expression: `user.getInternalProperty("id")`.

Here is an example of how it would look when previewing the assertion:
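On the service-provider side, the effect of the mapping can be checked by inspecting the Subject NameID of an assertion. The following is an added example, not part of the thread and not Okta's code: the two assertions are constructed samples, the email address is made up, and the ID pattern is an assumption inferred from the single user ID quoted above.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
# Assumption: an Okta user ID is "00u" plus 17 alphanumerics, inferred from
# the one ID quoted in this thread (00u25f75zPX9RN32c4x6).
OKTA_USER_ID = re.compile(r"00u[0-9A-Za-z]{17}")
EMAIL_LIKE = re.compile(r"[^@\s]+@[^@\s]+")


def check_name_id(assertion_xml):
    """Return the Subject NameID, its Format, and why it is unsuitable as a stable key.

    Call this only on an assertion whose signature has already been validated.
    """
    root = ET.fromstring(assertion_xml)
    node = root.find(".//saml:Subject/saml:NameID", NS)
    value = (node.text or "").strip() if node is not None else ""
    if not value:
        return {"value": None, "format": None, "problems": ["no NameID in Subject"]}
    fmt = node.get("Format")
    problems = []
    if fmt != PERSISTENT:
        problems.append("Format is not persistent")
    if EMAIL_LIKE.fullmatch(value):
        # The case from the question: persistent Format, but a renameable value.
        problems.append("value is an email address (mutable)")
    elif not OKTA_USER_ID.fullmatch(value):
        problems.append("value is not shaped like an Okta user ID")
    return {"value": value, "format": fmt, "problems": problems}


def sample_assertion(name_id):
    """Build a minimal, constructed assertion (unsigned, Subject only)."""
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        f'<saml:Subject><saml:NameID Format="{PERSISTENT}">{name_id}</saml:NameID>'
        "</saml:Subject></saml:Assertion>"
    )


BEFORE = sample_assertion("jane.doe@example.com")   # constructed: default mapping
AFTER = sample_assertion("00u25f75zPX9RN32c4x6")    # constructed: after the override

if __name__ == "__main__":
    for label, xml in (("before", BEFORE), ("after", AFTER)):
        print(label, check_name_id(xml))
```

The first sample shows why the Format attribute alone is not enough: it says persistent while the value is still an email address.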