If users have trouble logging in, or auto account creation or group syncing is not working, first check that these features are enabled in the SAML Administration module (you must be in the System Administrator group to access this module).
Below are basic troubleshooting questions that, if addressed, speed up the support process. If possible, please include the answers in your ticket to support.
- Is the user logging in with their Active Directory credentials?*
- Is the user logging in via the ADFS service login prompt?
- What error does the user get when they try to log in? Please provide a screenshot.
- Does the user’s name, email address and group information appear in the SAML diagnostics?** Please provide Response data.
*Users must log in using their Active Directory login (username, domain\username or username@domain), not their email.
- Note: The "username" in the User Administration module is not what is used for authentication. Authentication happens with the identity service, and we sync accounts on the ADFS Name ID claim value to the username in CivicPlus.
** To use the SAML diagnostics tool, log out and log back in using the link https://[httpsDomainofSite]/admin/?samldiag=ON. The Admin Login Page must first be enabled for SAML Login (a System Administrator enables this in the SAML Administration module) before you can use this diagnostics tool. After logging in, look at what information is in the Response data. You should see information for email, first name, last name and groups listed there.
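
To check Response data before attaching it to a ticket, the following added example (not CivicPlus code) parses a decoded SAML Response and reports the Name ID and which of the expected values are missing. The claim URIs in `EXPECTED` are an assumption based on the claim types AD FS commonly issues, and the sample Response is constructed; match both to your own claim rules.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
# Assumption: claim URIs AD FS commonly issues; match these to your own claim rules.
EXPECTED = {
    "email": CLAIMS + "emailaddress",
    "first name": CLAIMS + "givenname",
    "last name": CLAIMS + "surname",
    "groups": "http://schemas.xmlsoap.org/claims/Group",
}

def check_response(xml_text):
    """Return (name_id, found, missing) for a decoded SAML Response.
    Diagnostic only: it does not verify the signature or conditions."""
    root = ET.fromstring(xml_text)
    name_id = (root.findtext(".//saml:Subject/saml:NameID", "", NS) or "").strip()
    values = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        vals = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        values.setdefault(attr.get("Name"), []).extend(v for v in vals if v)
    found = {label: values[uri] for label, uri in EXPECTED.items() if values.get(uri)}
    missing = [label for label in EXPECTED if label not in found]
    if not name_id:
        missing.insert(0, "Name ID")
    return name_id, found, missing

# Constructed sample (not real Response data): the surname claim is absent.
SAMPLE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>
  <saml:Subject><saml:NameID>jsmith</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="{CLAIMS}emailaddress">
      <saml:AttributeValue>jsmith@example.org</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="{CLAIMS}givenname">
      <saml:AttributeValue>Jo</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/claims/Group">
      <saml:AttributeValue>Web Editors</saml:AttributeValue>
      <saml:AttributeValue>Parks Staff</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement></saml:Assertion></samlp:Response>"""

if __name__ == "__main__":
    name_id, found, missing = check_response(SAMPLE)
    print("Name ID:", name_id or "(none)")
    for label, vals in found.items():
        print(f"{label}: {', '.join(vals)}")
    print("Missing:", ", ".join(missing) or "nothing")
```

A value reported as missing points to a claim that the identity service is not issuing for that user, which is worth noting in the support ticket alongside the Response data.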