If you have integrated your Active Directory Federation Service (ADFS), Okta, or Microsoft Entra ID (formerly Azure Active Directory) authentication into the CivicPlus Single Sign-On and are experiencing issues with users logging in or with permissions management, this article can help you troubleshoot the issue or gather the information CivicPlus Technical Support needs to assist you further.
The first question to ask yourself is, “Is the issue occurring for one user, multiple users, or possibly all users?”
- If the issue is occurring for all users, a configuration problem is the likely cause. Please ensure that the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) certificates used by your ADFS service and any proxy servers are still valid (i.e., not expired or revoked).
- If you have recently made any changes to your Identity Service environment (such as changes in firewall or Internet Protocol (IP) restrictions, changes in email domains, changes in all user permissions, Okta or Microsoft Entra ID (Azure AD) web app configuration changes, or if it is a new website that you are having difficulties with), please note these changes and contact Technical Support for further guidance.
- If the issue is only occurring for some but not all users, check whether they are logging in with the appropriate URL. Ensure that they are using the correct credentials for login (such as domain\username), that they have been granted permissions to access the web app (Okta or Active Directory), that they have an email address (AD mail attribute in Active Directory), and that they have the necessary group permissions within the CivicPlus web application.
- If the issue is only being reported by a single user, check that the user is logging in using the correct URL and username, that their directory service account password has not expired and their account is not locked or disabled, that they have been granted permissions to access the web app (Okta/Microsoft Entra ID), that they have an email address (AD mail attribute in Active Directory), and that they have the necessary group permissions within the CivicPlus web application.
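The Active Directory checks in the list above (account enabled, not locked, password not expired, mail attribute present) and the ADFS certificate expiry check can be scripted. The PowerShell below is an added example, not CivicPlus code; the function names and the 30-day warning window are assumptions, and it requires the ActiveDirectory module plus, for the second function, a session on the ADFS server. It checks expiry only, not revocation.

```powershell
# Added example (not CivicPlus code). Function names are hypothetical.
Import-Module ActiveDirectory

function Test-SsoUserReadiness {
    param(
        [Parameter(Mandatory)]
        [string]$SamAccountName   # logon name without the domain\ prefix
    )

    # Throws if the account does not exist, which is itself a useful finding.
    $user = Get-ADUser -Identity $SamAccountName `
        -Properties mail, LockedOut, PasswordExpired, Enabled

    $hasMail = -not [string]::IsNullOrWhiteSpace($user.mail)

    [pscustomobject]@{
        User            = $user.SamAccountName
        Enabled         = $user.Enabled
        LockedOut       = $user.LockedOut
        PasswordExpired = $user.PasswordExpired
        Mail            = $user.mail
        # Ready means every directory-side check from the list passes.
        Ready           = $user.Enabled -and (-not $user.LockedOut) -and
                          (-not $user.PasswordExpired) -and $hasMail
    }
}

function Get-AdfsCertificateExpiry {
    param([int]$WarnDays = 30)   # assumed warning window

    $now = Get-Date
    Get-AdfsCertificate | ForEach-Object {
        $notAfter = $_.Certificate.NotAfter
        $status = if ($notAfter -lt $now) { 'Expired' }
                  elseif ($notAfter -lt $now.AddDays($WarnDays)) { 'ExpiringSoon' }
                  else { 'Valid' }

        [pscustomobject]@{
            Type       = $_.CertificateType   # e.g. Service-Communications
            IsPrimary  = $_.IsPrimary
            Thumbprint = $_.Certificate.Thumbprint
            NotAfter   = $notAfter
            Status     = $status
        }
    }
}

# Usage: pass the affected user's logon name (constructed sample value).
# Test-SsoUserReadiness -SamAccountName 'jdoe'
# Get-AdfsCertificateExpiry | Where-Object Status -ne 'Valid'
```

Web app assignment in Okta or Microsoft Entra ID and group permissions within the CivicPlus web application are not visible from Active Directory and still need to be checked in those systems.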
Also, take note of where the users are experiencing the login error. Is the error occurring on the identity service login prompt, on the CivicPlus Single Sign-On login prompt, or in the CivicPlus application? This will help determine where the error is occurring.
If you require further assistance from CivicPlus with troubleshooting, please include your answers to all of the following questions in your support ticket:
- How many users are being affected (one, multiple, or possibly all users)?
- What are the steps taken to log in that produce the error?
Note: Please provide the step-by-step login process including all URLs and/or links clicked in the process
- Include a screenshot of the error message that also shows the URL at the top of the browser
- Which applications are affected?
Note: Please include all CivicPlus websites where users are experiencing the issue
- Provide example names and emails of users who are affected
- Provide any other information that you discovered from your own troubleshooting