By default the SAML response of the WSO2 Identity Server will contain the tenant domain in the response. See the below response block which containts the tenant domain appended to the NAMEID element. <saml2:NameIDFormat ="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"> admin@carbon.super </saml2:NameID> If you want to get rid of the tenant domain being appended you can follow one of the below methods to accomplish this Method 1 - Disabling this option from the management console. Log into the management console of the Identity Server Expand your service provider configuration and select the 'Local & Outbound Authentication Configuration' option Untick the option 'Use tenant domain in local subject identifier' Now the tenant domain would not be displayed in your SAML response. Method 2 - Setting this value for the file based Service Provider configurations Given that you have configured the serv