When newly created technicians attempt to log in to ADManager Plus, they encounter the following error message:
As logon restrictions are enforced, you can login using only the built-in accounts. Please contact your administrator for details.
This error occurs when the Impersonate as admin option is not enabled for a technician and the technician had not logged in before the Force SAML option was enabled. Because the technician's details were not stored in the product before SAML was enforced, ADManager Plus cannot authenticate their identity, which prevents them from logging in.
If Impersonate as admin is not configured for a technician, that technician must log in at least once using Active Directory credentials before Force SAML is enabled.
Log in to ADManager Plus as the default admin.
Navigate to Delegation > Logon Settings > SSO Configuration.
Uncheck the Force SAML option.
Save the settings.
Instruct the affected technician to log in to ADManager Plus once using their AD credentials.
Ensure that the login is successful and their details are registered in the product.
Navigate to Delegation > Logon Settings > SSO Configuration.
Select the Force SAML option again to re-enable it.
Save the settings.
Now, the technician should be able to log in using SAML authentication without encountering the error.
If Impersonate as admin is enabled, no manual login is required before enforcing SAML.
Ensure the Identity Provider (IdP) configuration in ADManager Plus matches the settings in your SAML provider.