How to troubleshoot Single Sign On (SAML) errors

Website Errors

On our login page it says “Sorry we could not find your account, please contact your HR Team”

Strictly speaking, this isn't an error. It means you tried to log in via SAML, but the account in your Identity Provider does not match an account in our system. To resolve it, create an account in our system with the same email address (or employee ID) and try again.

On our login page it says “There is a problem with Single Sign On please contact your IT department”

This is a general error and means that there is something wrong with the setup, usually one of the following:

  • the Sign on URL is incorrect
  • the Issuer is incorrect
  • the Signing Certificate isn't SHA256

Please check that you have followed the setup guide and configured your Identity Provider correctly. If you have checked everything and cannot find any issues, please contact support and we will help you resolve the problem.
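The following is an added example, not part of the original article or Workstars' own code: a small diagnostic that decodes a captured SAMLResponse and reports two of the causes listed above (wrong Issuer, non-SHA256 signing). It assumes the SHA256 requirement refers to the algorithms declared in ds:SignatureMethod and ds:DigestMethod; the function name, expected Issuer and sample response are constructed for illustration. The Sign on URL cannot be checked from the response and must be compared by hand.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# XML-DSig algorithm URIs that use SHA-256.
SHA256_SIGNATURE = {"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
                    "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"}
SHA256_DIGEST = "http://www.w3.org/2001/04/xmlenc#sha256"


def check_saml_response(b64_response, expected_issuer):
    """List setup problems visible in a base64-encoded SAMLResponse.

    Diagnostic only: reads declared values, does NOT verify the signature.
    """
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    issuer = root.findtext(".//saml:Issuer", default="", namespaces=NS).strip()
    if issuer != expected_issuer:
        problems.append(f"issuer mismatch: got {issuer!r}")
    sig_methods = root.findall(".//ds:SignatureMethod", NS)
    if not sig_methods:
        problems.append("no ds:SignatureMethod: response is unsigned")
    for el in sig_methods:
        if el.get("Algorithm") not in SHA256_SIGNATURE:
            problems.append(f"signature is not SHA-256: {el.get('Algorithm')}")
    for el in root.findall(".//ds:DigestMethod", NS):
        if el.get("Algorithm") != SHA256_DIGEST:
            problems.append(f"digest is not SHA-256: {el.get('Algorithm')}")
    return problems


# Constructed sample: wrong Issuer, RSA-SHA1 signature, SHA-1 digest.
SAMPLE = base64.b64encode(b"""<samlp:Response
  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <saml:Issuer>https://idp.example.test/old</saml:Issuer>
 <ds:Signature><ds:SignedInfo>
  <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  <ds:Reference><ds:DigestMethod
    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/></ds:Reference>
 </ds:SignedInfo></ds:Signature>
</samlp:Response>""")

if __name__ == "__main__":
    for problem in check_saml_response(SAMPLE, "https://idp.example.test/metadata"):
        print(problem)
```

The base64 SAMLResponse value can be copied from the form POST your browser sends back after signing in at the Identity Provider.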

I can log in from the Identity Provider's portal, but when I try to log in from the Workstars login page it redirects me to a website that says “page not found” or another error

This is usually because you have entered an incorrect SAML SSO URL. Please check it is correct. If you have checked and cannot find any issues, please contact support and we will help you resolve the problem.

The Microsoft Sign in says “Sorry, but we’re having trouble signing you in”

If the reason says something like “The signed in user ‘xxx@yyy.zzz’ is not assigned to a role for the application ‘abfe9cf8-907c-4077-ba5a-552a85ed279b’(Workstars).”, this is usually because you have not assigned all your employees to the app in the Microsoft administration portal.

SAML Log Errors

If an employee reports that they get an error when trying to sign in using SSO (SAML) then you should first check the SAML error log.

  1. Log in to the administration portal

  2. In the top menu, click System Settings

  3. Click the Sign In tab

  4. For the appropriate Identity Provider, click the [...] button and choose View Errors

Below are several possible errors and how to resolve them:

Message: NameID (XYZ) - could not find a matching account.

Recommended actions: There is no account which uses the NameID specified.

  • Check that there is an account for this employee in the system and that the NameID (usually email) is correct

Message: NameID (XYZ) - the employee (XXXX) has been deleted, see the leavers log.

Recommended actions: We can't find an active account, but there is an account that was previously deleted.

  • Add the employee

Message: NameID (XYZ) - the employee (XXXX) has an account but is not assigned to a position.

Recommended actions: We found an account, but the account is not set up correctly.

  • Assign the employee to a position