45050: Authentication error - Missing User Attributes

Flex returns this error when the authentication response for a user does not include the required user attributes. For Flex authentication and user provisioning, the required attributes include roles, full_name, and email.

• Your identity provider or authentication service did not send one or more mandatory attributes, such as roles, full_name, or email.
• The attribute names in your SAML assertion were mapped incorrectly, so Flex could not interpret them. For example, Flex expects attribute names such as roles rather than a namespaced claim URL.
• The roles attribute was not passed in the claims, or it was not provided in a format Flex can interpret as a list of roles.
• Your user provisioning flow omitted required fields or sent empty values for full_name, email, or roles. The Flex Users API requires all three fields when you provision a user.

• Update your identity provider or custom authentication service to send full_name, email, and roles for every Flex user who signs in.
• Verify that your SAML assertion uses the expected attribute names and remove namespace-style claim names that prevent Flex from mapping the attributes correctly.
• Make sure roles includes at least one valid Flex role. Valid roles include agent, supervisor, and admin.
• If you provision users through the Flex Users API, include the required email, full_name, and roles fields in the /Users/Provision request before you mint the user's authentication token.
• Sign in again and confirm that the user record shows the expected full name, email, and assigned roles. You can verify these attributes in Flex UI or in the TaskRouter Worker record.

• Configuring SSO and IdP in Flex
• Flex SDK authentication
• Flex Users API