Duplicate SSO login attribute causing SAML error in ADManager Plus

Duplicate SSO login attribute causing SAML error in ADManager Plus

Issue description   

When attempting to log in to ADManager Plus using SAML authentication, users may encounter the following error:

Login failed. The SSO login attribute value "user@example.com" is not unique within the domains configured in ADManager Plus. Please contact your administrator.

This error occurs when the SAML authentication process provides an attribute value that matches multiple user entries in ADManager Plus, preventing the system from uniquely identifying the user.

Possible causes   

  1. Duplicate email address: The same email address is assigned to multiple users in Active Directory (AD).

  2. Misconfigured SAML attribute mapping: Incorrect mapping in ADManager Plus might be causing authentication to search for an attribute that is not unique.

  3. Multiple domains in ADManager Plus: If multiple domains are configured in ADManager Plus, a user with the same login attribute across different domains may trigger the error.

Prerequisites   

  • Ensure you have admin rights on both ADManager Plus and your Identity Provider (IdP) administrative console.

Resolution 

Step 1: Identify duplicate user entries in Active Directory   

  1. Open Active Directory Users and Computers (ADUC).

  2. In the search bar, enter the conflicting login attribute (Email).

  3. If multiple users appear, note their domain and OU locations.

  4. If duplicate values exist, either:

    • Modify one of the duplicate user entries by updating the email, UPN, or sAMAccountName.

    • Remove the duplicate user if it is no longer in use.

 Step 2: Verify SAML attribute mapping in ADManager Plus   

  1. Log in to ADManager Plus with administrator privileges.

  2. Navigate to Delegation > Configuration > Logon Settings > Single Sign-On.

  3. Find the Attribute Mapping Selection section.

  4. Verify which Active Directory attribute (e.g., mail) is configured for authentication.

  5. Confirm that the value of this attribute is unique for each user across the entire Active Directory

Step 3: Reconfigure the SAML attribute in ADManager Plus (If needed)   

  1. If duplicate attributes cannot be resolved in AD, modify the SAML authentication mapping in ADManager Plus:

    • Set the login attribute to User Principal Name (UPN) instead of mail or sAMAccountName.

  1. Save the changes and restart ADManager Plus.

Step 4: Test SAML login   

  1. Have the affected user attempt to log in again.

  2. If login still fails, double-check the SAML attribute mapping and AD user entries.

Tips   

  • Standardize User Principal Name (UPN) as the authentication attribute for SAML.

  • Regularly audit AD accounts to prevent duplicate entries.

  • Check SAML response in Serverout logs in ADManager Plus for detailed debugging information.

How to reach support  

If the issue persists, contact our support team here.  

      New to M365 Manager Plus?
      New to M365 Manager Plus?
        New to RecoveryManager Plus?
        New to RecoveryManager Plus?
          New to Exchange Reporter Plus?
          New to Exchange Reporter Plus?
            New to SharePoint Manager Plus?
            New to SharePoint Manager Plus?
                See all integrations
                New to ADManager Plus?
                See all integrations
                New to ADManager Plus?

                  New to ADSelfService Plus?

                  Start your free trial
                  Start your free trial

                    • Related Articles

                    • Error: Sorry, an error occurred in SAML Login during SSO redirection from ADManager Plus to the IdP

                      Issue description When attempting to log in to ADManager Plus using SAML Single Sign-On (SSO), users may encounter the following error message: "Sorry, an error occurred in SAML Login" ; "Please check the SAML Authentication configuration". This ...

                    • SSO setup in ADManager Plus fails with errors after authentication

                      Issue description After configuring single sign-on (SSO) for ADManager Plus using an identity provider (IdP), such as Okta, Active Directory Federation Services (AD FS), Entra ID, or any SAML-compliant provider, users may encounter errors like: An ...

                    • How do I configure Okta SSO using ADManager Plus?

                      Objective This article explains how to integrate Okta with ADManager Plus using SAML 2.0 to enable secure SSO. This integration allows users to log in to ADManager Plus using their Okta credentials, streamline access, improve authentication security, ...

                    • How to enable SSO in ADManager Plus

                      ADManager Plus offers a built-in option to configure Active-Directory-based SSO to access or log in to it. This SSO option supports both NTLMv2- and SAML-based authentication. Steps to configure SSO to log in to ADManager Plus Click the Delegation ...

                    • Error encountered during SAML authentication in ADManager Plus

                      Issue description When users attempt to log in to ADManager Plus using SAML authentication, they may encounter the following error message: AADSTS75011: The authentication method used by the user does not match the authentication method requested by ...

                      Related Products