Single Sign-On (SSO) can be configured with Microsoft Entra ID, G Suite, or Okta.
This article will guide you through:
- Testing common identity providers
- Troubleshooting tips
  - User troubleshooting
  - Browser troubleshooting
  - Configuration troubleshooting
Looking for something else?
- Not yet configured SSO with your identity provider? Learn how to set up SSO here.
Testing common identity providers
Use the built-in testing tools below, provided by your identity provider, to simulate login attempts to Enable.
Microsoft Entra ID
Step 1: In the Azure Portal, navigate to the Enterprise applications section.
Step 2: Select the application and click on Test under the Single Sign-on settings.
Step 3: Review any error messages and verify that the SSO setup is correct.
Step 4: Navigate to Azure Active Directory > Sign-in. Use the Azure AD Sign-in logs to review authentication attempts and errors.
G Suite
Step 1: In the Google Admin Console, navigate to the Apps section.
Step 2: Select SAML apps, choose your application, and click Test to simulate SSO login.
Step 3: Navigate to Reports > Audit > SAML. Review the SAML login logs in the Google Admin Console to identify any authentication issues.
Okta
Step 1: In the Okta Admin Console, navigate to Applications. Select your application, and click on Sign On to test the SSO configuration.
Step 2: Review any issues highlighted in the test results.
Step 3: Navigate to Reports > System Log. Use Okta’s system log to review authentication attempts and diagnose errors.
Troubleshooting tips
If testing via your identity provider above is unsuccessful, review each user, browser and configuration troubleshooting tip below to help resolve SSO issues.
User troubleshooting
You should ensure that a user can sign in with SSO. If some users can log in but others can’t, the issue is unlikely to be related to configuration.
Troubleshooting Tip | Guidance |
---|---|
Verify user exists | A user won’t be able to log in to Enable via SSO if they do not exist within the Enable user list. This may be indicated by an unrecognised user error via SSO, e.g. “The sign-in process was successful but you do not currently have a user account configured in Enable.” An error in the Enable user activity logs may also indicate this, e.g. “user is not configured with user key.” Try reviewing your users to ensure the user attempting to log in exists in Enable, and create a new user in Enable if required. Learn how to view Enable users here. |
Verify user permissions | A user may log in with SSO successfully but have trouble seeing anything in Enable if they do not have the correct settings and permissions. Try reviewing your users and make amendments if required. Learn about user access settings here, and how to edit permissions here. |
Verify user email address | The email address used in your identity provider must match the one configured for the user within Enable. Try reviewing your users to ensure the user attempting to log in has an email address that matches exactly, including case sensitivity. Learn how to view Enable users here. |
Verify user domain | The domain in the email address (e.g. @yourorganizationname.com) may not match an approved domain configured within Enable. This may be indicated by an unauthorized email domain error via SSO, e.g. “Your email domain is not allowed for Single Sign-On.” Try reviewing the user email address used to ensure it does not contain any spelling errors, and liaise with the Enable team if you believe a new domain needs to be added to the approved list. |
Review logs | If Enable recognizes an SSO attempt, your identity provider and Enable will include the attempt in the activity logs. Try reviewing your identity provider logs and Enable user activity logs for specific error messages. If no logs exist, continue to try the other troubleshooting tips below. |
Browser troubleshooting
Troubleshooting Tip | Guidance |
---|---|
Clear cache | Your browser may be causing issues due to outdated or corrupted data stored in the cache. This is often indicated when a user signs in with SSO but is redirected to the sign-in page again. Try clearing your browser cache and cookies (not browser history) for all time rather than for the last hour or day, and attempt to log in with SSO again. |
Use a private browser | Your browser may be causing other issues due to cookies and cached data. Try using a private or incognito browser window to ensure you are using a clean session for testing SSO. |
Change browser | Occasionally, other problems specific to your browser may cause issues. Try changing the browser you are using (e.g. from Microsoft Edge to Chrome). |
Remove autocompleted fields from browser | Your browser may be automatically populating text fields, which can cause issues when logging in. Try deleting the text in any text fields displayed on the page so that they are blank. Then repopulate those text fields with the correct information before continuing. |
Configuration troubleshooting
Troubleshooting Tip | Guidance |
---|---|
Ensure correct SSO configuration | All configuration must be entered according to your identity provider’s requirements. An error in the Enable user activity logs may indicate a configuration issue, e.g. “unexpected error during processing of the identity provider's saml2 response”. Try referring to your relevant identity provider’s configuration here to ensure the steps you followed were correct, and ask your implementation team to review the setup in Enable. |
Verify SSO credentials | SSO credentials used in your identity provider and Enable must match exactly. Try reviewing all SSO credentials in your identity provider (such as Entity ID, ACS URL, etc.) to ensure they are as expected. |
Review metadata files | Metadata files must match the provided credentials. Try re-downloading the metadata file, and provide this to your implementation team to ensure the file matches the credentials in Enable. |
Verify the certificate is valid | The SAML signing certificate used must be valid and properly configured. An outdated or expired SAML signing certificate will cause the SSO process to fail since the service provider will not trust the signed SAML assertions. Try downloading an updated certificate from your identity provider, and provide this to your implementation team to upload in Enable. |
What’s next?
Ready to confirm that SSO is working via the Enable user logs, now that your troubleshooting issues are resolved? Learn more about tracking SSO in Enable here.