We have discovered that, at least for some instances, Zitadel seems to link the user name property in its IDP configuration to a different property than the email address. The user ID property by itself does not appear to be enough to perform a successful login.
We're unsure what the correct property is as of yet, and it's possible this is configurable. It's also possible Zitadel should be looking up the property with the user's unambiguous ID instead of relying on this additional mapping. We've contacted Zitadel support instead of code delving for now.
We have discovered that, at least for some instances, Zitadel seems to link the user name property in its IDP configuration to a different property than the email address. The user ID property by itself does not appear to be enough to perform a successful login.
We're unsure what the correct property is as of yet, and it's possible this is configurable. It's also possible Zitadel should be looking up the property with the user's unambiguous ID instead of relying on this additional mapping. We've contacted Zitadel support instead of code delving for now.