Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SSO - Error "Access Denied" logging in

Kenelson2
Employee
Employee

I have seen recently an increase of these kind of cases coming into our support teams. Thought I would address a good way to trouble shoot them:

If you have a user getting "Access Denied" Here is some possible ways to address this:

Possible causes for this error:

  • The first name, last name, or email address being sent in the SAML assertion does not match the information entered in the Admin Console.
  • The user isn't associated to the right product, or the product is not associated with the correct entitlement.
  • The SAML user name is coming across as something other than an email address. All users must be in the domain you claimed as part of the setup process.
  • Your SSO client utilizes JavaScript as part of the login process, and you're attempting to log in to a client that doesn't support JavaScript (such as Creative Cloud Packager).
  • Run a SAML trace and validate that the information being sent matches the dashboard, and then correct any inconsistencies. How to perform a SAML Trace

Hope this helps!

Kerry Nelson

0 Replies