Configuration is broken for some reason… The SSO login fails with a 401 Unauthorized error when the SAML assertion arrives from our IdP. In Zendesk, the SSO setup was remarkably simple. We just plugged in the metadata URL. Now, Genesys Cloud rejects the assertion because the NameID format does not match the expected email address. The Architect flow logs show the interaction reaches the SSO step but fails immediately. Is there a specific mapping rule I am missing for the email address attribute?