SAML FAQs


Below is a list of frequently asked questions about SAML.

1. I have enabled SAML but still cannot find a way to log in using SAML

Because the application is multi-tenant, certain security restrictions apply to SAML login. If a SAML configuration is assigned to only one account, SAML SSO works only when the application is accessed via the Account-Specific URL, not the default URL.

If Mark as Default SAML configuration is enabled, SAML SSO works with the default URL. However, the SAML configuration then applies to all accounts.

2. When a new user logs into the application using SAML, how will it work?

The application compares the application username with the SAML username. If they match, the existing user is overridden; if they do not, a new user is created. This is called Dynamic User Addition.

If Mark as Default SAML configuration is enabled, Dynamic User Addition will not work, because the application does not know which account the user belongs to.
If SAML is configured for a specific account, Dynamic User Addition will work: the user present in the IdP will be created as a user in SDP-MSP.

3. A user is unable to log in dynamically and receives Error code 60

If the name ID format is set to Email Address, Dynamic User Addition does not work. The reason is that Dynamic User Addition looks up the email address field, whereas in MSP the uniqueness of a user is based on the loginname. If users log in via Dynamic User Addition, choose a different name ID format.
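To confirm which name ID format the IdP actually sends when diagnosing Error code 60, the following added example (not ManageEngine code) reads the NameID Format attribute from a captured SAML response. The sample response and the function names are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

SAML_ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample: a minimal SAML response as an IdP might post it.
SAMPLE_RESPONSE = """<samlp:Response
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jdoe@example.com</saml:NameID>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>"""


def decode_saml_response(b64_value):
    """Decode the base64 SAMLResponse form field (HTTP-POST binding)."""
    return base64.b64decode(b64_value).decode("utf-8")


def nameid_formats(xml_text):
    """Return the Format of every NameID element in the response."""
    # SAML messages never need a DTD; refuse one rather than expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not allowed in SAML XML")
    root = ET.fromstring(xml_text)
    tag = "{%s}NameID" % SAML_ASSERTION_NS
    return [el.get("Format", "(no Format attribute)") for el in root.iter(tag)]


def check_dynamic_user_addition(xml_text):
    """Flag the Email Address format, which this FAQ says breaks
    Dynamic User Addition (Error code 60)."""
    formats = nameid_formats(xml_text)
    return {"formats": formats, "email_format_in_use": EMAIL_FORMAT in formats}


if __name__ == "__main__":
    encoded = base64.b64encode(SAMPLE_RESPONSE.encode("utf-8"))
    print(check_dynamic_user_addition(decode_saml_response(encoded)))
```

The check only inspects the format. It does not validate the response signature and must not be used to make trust decisions.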
