Other Common SAML SSO Problems and Troubleshooting

If users in your database see the following error messages when logging in to your Ragic database using SAML SSO, here’s how you can troubleshoot.

1. Your User Group Isn’t Allowed to Log in via Saml SSO.

If a user sees this message when logging in, this means SAML SSO login is disallowed in your database, and the user is not in the user group included in ignore denied login method for the user group. If you would like to allow that user to log in to your database via SAML SSO, please go to Company Settings and select that user’s respective user group in the "Ignore Denied Login Method for User Groups" field.

2. (Email ID) Is Not Using the Correct Email Address Format. Please Make Sure the Email Address Attribute on Your Identity Provider Is Correct.

Please go to the attribute settings in your identity provider to make sure that your identity provider returns email addresses to Ragic using the correct format.

3. IDP Error Message

This means the user passed the IDP verification without using a password. If you would like to allow this method, please select "Yes" in the "Skip Authentication Method Check" field in Company Settings.

4. Can SAML Login Restrict Access for Internal and External Users?

When using SAML login, any Ragic user in the account, whether internal or external, can log in.

If the user does not already exist in the account, the system behavior depends on the account plan:

(1) Concurrent Users Plan: The user will be automatically created as an Internal User. External Users will not be created.

(2) Non-Concurrent Users Plan: The system will not create a user account automatically and will display a message indicating that the user does not exist.