Logon Restriction error in ADManager Plus

Issue description   

When newly created technicians attempt to log in to ADManager Plus, they encounter the following error message:

As logon restrictions are enforced, you can login using only the built-in accounts. Please contact your administrator for details.

Possible causes

This error occurs when the Impersonate as admin option is not enabled for a technician and the technician did not log in before the Force SAML option was enabled. Because the technician's details were not stored in the product before SAML was enforced, ADManager Plus cannot authenticate their identity, which prevents the login.

Prerequisites   

  • If Impersonate as admin is not configured for the technician, the technician must log in at least once using Active Directory credentials before Force SAML is enabled.

Resolution 

Step 1: Disable Force SAML   

  1. Log in to ADManager Plus as the default admin.

  2. Navigate to Delegation > Logon Settings > SSO Configuration.

  3. Uncheck the Force SAML option.

  4. Save the settings.

Step 2: Ask the technician to log in   

  1. Instruct the affected technician to log in once using their AD credentials in ADManager Plus.

  2. Ensure that the login is successful and their details are registered in the product.

Step 3: Re-enable Force SAML   

  1. Navigate to Delegation > Logon Settings > SSO Configuration.

  2. Re-check the Force SAML option.

  3. Save the settings.

Now, the technician should be able to log in using SAML authentication without encountering the error.

Tips   

  • If Impersonate as admin is enabled, no manual login is required before enforcing SAML.

  • Ensure the Identity Provider (IdP) configuration in ADManager Plus matches the settings in your SAML provider.

How to reach support  

If the issue persists, contact our support team here
