Expand my Community achievements bar.

SSO - Error "Access Denied" logging in

Avatar

Employee

I have seen recently an increase of these kind of cases coming into our support teams. Thought I would address a good way to trouble shoot them:

If you have a user getting "Access Denied" Here is some possible ways to address this:

Possible causes for this error:

  • The first name, last name, or email address being sent in the SAML assertion does not match the information entered in the Admin Console.
  • The user isn't associated to the right product, or the product is not associated with the correct entitlement.
  • The SAML user name is coming across as something other than an email address. All users must be in the domain you claimed as part of the setup process.
  • Your SSO client utilizes JavaScript as part of the login process, and you're attempting to log in to a client that doesn't support JavaScript (such as Creative Cloud Packager).
  • Run a SAML trace and validate that the information being sent matches the dashboard, and then correct any inconsistencies. How to perform a SAML Trace

Hope this helps!

Kerry Nelson

0 Replies