Prerequisites
Identity Provider: Auth0
Setup IdP link: https://portal.biganimal.com/setup-idp/GdU3LZmDC9XrrbpKmuOpR2AX6oJBDkxb with the configuration below. (Please note that customers should use their own URLs, which were generated before the meeting. The URL here is only for testing and sharing.)
description: this is for SS AWS SSO test
domainName: ss0525.com
organizationName: SS AWS
sfId: sfid_abcedfg_wersdnck
Steps
Auth0
1. Applications -> Applications -> Create Application
2. Input your application name and select 'Native'
3. Switch to 'Addons' and enable SAML2.
4. Copy the 'Assertion Consumer Service URL' from BigAnimal 'Connection Info' into the Auth0 'Application Callback URL'.
5. Copy the Audience URI from the Set Up Identity Provider page in BigAnimal and paste it as the audience value in the Settings field.
Below is an example of Settings:
{
  "audience": "copy from BigAnimal Audience URI",
  "mappings": {
    "upn": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
    "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
    "nickname": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
    "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  },
  "createUpnClaim": false,
  "passthroughClaimsWithNoMapping": false,
  "mapUnknownClaimsAsIs": false,
  "mapIdentities": false,
  "nameIdentifierFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:email",
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  ]
}
6. Enable the addon and save the settings.
7. Go to Usage and copy the Identity Provider Login URL.
8. Close the pop-up window, then go to the application's Settings and scroll down.
9. At the bottom of the page, expand 'Advanced Settings' -> 'Certificate' -> 'Download Certificate' and choose the PEM format.
10. Go to Organizations and choose 'Individuals for personal use' or 'Both'. Using an Auth0 client application as a SAML IdP with the 'Team members of organizations' setting is NOT supported by Auth0.
BigAnimal Setup IDP - Setup Config
11. Go to the BigAnimal 'Setup Config' section:
a. Paste the Login URL obtained at step 7 into Single Sign-On URL.
b. Upload the certificate downloaded at step 9.
c. Request Binding: HTTP POST
d. Response Signature Algorithm: rsa-sha256 is recommended
12. Now you can click Test Connection. If it succeeds, click 'Sign in to BigAnimal' to complete the signup process.
How to configure your own attributes mapping
The example below was tested. Auth0 user profiles don't always include givenname or surname, but BigAnimal requires both, so we map Auth0's name and nickname onto BigAnimal's surname and givenname.
  "upn": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
  "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
  "nickname": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
  "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
Reference: Auth0 doc, 'Customize your attribute mapping'
You can also check your user structure from User Management -> Users, click the user and go to Raw JSON.
BigAnimal Supported attributes
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
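To check an attribute mapping before clicking Test Connection, the following added example (not part of this page, and not Auth0 or BigAnimal code) applies the 'mappings' and 'nameIdentifierProbes' settings from the SAML2 addon configuration above to a user profile shaped like the Raw JSON of an Auth0 user, and reports which of the claims BigAnimal needs would be missing. It is a simplified model of the addon's behaviour (an assumption: unmapped fields are dropped because passthroughClaimsWithNoMapping is false) and the user profile and email domain are constructed sample data.

```python
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
SETTINGS = {  # the SAML2 addon settings shown on this page (subset)
    "mappings": {
        "upn": CLAIMS + "name",
        "name": CLAIMS + "surname",
        "nickname": CLAIMS + "givenname",
        "email": CLAIMS + "emailaddress",
    },
    "passthroughClaimsWithNoMapping": False,
    "nameIdentifierFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:email",
    "nameIdentifierProbes": [CLAIMS + "emailaddress"],
}
# Claims BigAnimal needs from the assertion (givenname and surname per this page)
REQUIRED = {CLAIMS + "givenname", CLAIMS + "surname", CLAIMS + "emailaddress"}

def build_attributes(user, settings):
    """Apply the addon 'mappings' to a user profile. Simplified model (assumption):
    mapped fields are renamed to their claim URI; unmapped fields are dropped
    unless passthroughClaimsWithNoMapping is true."""
    attrs = {}
    for field, value in user.items():
        if field in settings["mappings"]:
            attrs[settings["mappings"][field]] = value
        elif settings.get("passthroughClaimsWithNoMapping"):
            attrs[field] = value
    return attrs

def pick_name_id(attrs, settings):
    """NameID comes from the first probe claim present in the assertion."""
    for probe in settings["nameIdentifierProbes"]:
        if probe in attrs:
            return attrs[probe]
    return None

def check_mapping(user, settings=SETTINGS):
    """Return the required claims the mapping would NOT produce (empty = OK)."""
    attrs = build_attributes(user, settings)
    missing = sorted(REQUIRED - set(attrs))
    if pick_name_id(attrs, settings) is None:
        missing.append("NameID (no nameIdentifierProbes claim present)")
    return missing

if __name__ == "__main__":
    # Constructed Auth0 user: no given_name/family_name, only name and nickname
    user = {"name": "Lee", "nickname": "sam", "email": "sam@ss0525.com",
            "user_id": "auth0|constructed"}
    print(check_mapping(user))  # [] when the mapping covers every required claim
```

Removing the 'nickname' mapping (or a user without a nickname) makes the function report the missing givenname claim, which is the failure this section's mapping was written to avoid.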
Screen recording: https://drive.google.com/file/d/1oYonoB625JLn_cUp5eDPhprYMxzDlnyQ/view?usp=sharing
Related topic: