Configuring SAML single-sign-on on the Elastic Stack - User metadata - 《Elasticsearch v7.9 Reference》

User metadata

By default users who authenticate via SAML will have some additional metadata fields.

saml_nameid will be set to the value of the NameID element in the SAML authentication response
saml_nameid_format will be set to the full URI of the NameID’s format attribute
Every SAML Attribute that is provided in the authentication response (regardless of whether it is mapped to an Elasticsearch user property), will be added as the metadata field saml(name) where “name” is the full URI name of the attribute. For example saml(urn:oid:0.9.2342.19200300.100.1.3).
For every SAML Attribute that has a friendlyName, will also be added as the metadata field saml_friendlyName where “name” is the full URI name of the attribute. For example saml_mail.

This behaviour can be disabled by adding populate_user_metadata: false to as a setting in the saml realm.