Troubleshooting SAML authorization errors

Who can use this feature

  • Supported on Team and Enterprise plans
  • Note: Team plans are limited to Okta and Google SAML only
  • Org admins can edit SSO settings

SAML-based single sign-on (SSO) gives members access to Writer through an identity provider (IdP) of your choice. If you’re having trouble setting this up, find your error message in the table below to learn how to fix it.

What causes SAML errors?

SAML errors usually occur when information entered during your SAML setup is missing or incorrect. You can resolve most of these issues from your IdP settings, but for some, you’ll need to update your SSO settings in Writer as well.

SAML error messages

| Error message | How to fix it |
| --- | --- |
| SAML request creation error: No idp entityId found | The IdP metadata is invalid, possibly expired. Go to the Writer SAML settings page. Upload the metadata from the IdP as described here. |
| SAML response parsing error: Subject confirmation validation failed | The SAML request SubjectConfirmationData is invalid. Usually the Recipient attribute is absent or incorrect. Copy the SP ENTITY ID field value from the Writer SAML settings page to the Recipient/Audience/Entity ID field on the IdP settings page as described here. |
| Request contain invalid SP Entity ID | The SAML IdP settings are incorrect because the SP EntityID is wrong. Copy the SP ENTITY ID field value from the Writer SAML settings page to the Recipient/Audience/Entity ID field on the IdP settings page as described here. |
| Given email domain is not bound to your organization | The SAML IdP returns an email with a different domain than the one configured during setup. Add the given email domain to the SAML domain management section of the Writer single sign-on settings page here. |
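To see which of these mismatches a captured SAML response contains before changing settings, you can inspect the decoded XML. The following is an added example, not Writer's code: the `diagnose` function, its parameters, the sample response and all URLs and domains are constructed for illustration. It assumes the member's email is sent in the NameID element and that you copy the expected values from the Writer SAML settings page.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: a decoded, unsigned SAML response from a hypothetical IdP.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID>alice@contractor.example</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData NotOnOrAfter="2030-01-01T00:00:00Z"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>https://sp.example/wrong-entity-id</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def diagnose(response_xml, expected_recipient, expected_audience, allowed_domains):
    """List configuration mismatches in a decoded SAML response (hypothetical helper)."""
    # Diagnostic only: no signature or timestamp checks, so never use this to accept a login.
    root = ET.fromstring(response_xml)
    findings = []

    # Recipient lives on SubjectConfirmationData; it may be missing entirely.
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    recipient = scd.get("Recipient") if scd is not None else None
    if recipient is None:
        findings.append("Recipient attribute is absent")
    elif recipient != expected_recipient:
        findings.append(f"Recipient is {recipient!r}, expected {expected_recipient!r}")

    # The SP entity ID must appear as an Audience value.
    audiences = [a.text.strip() for a in root.findall(".//saml:Audience", NS) if a.text]
    if expected_audience not in audiences:
        findings.append(f"Audience {audiences} does not include {expected_audience!r}")

    # Assumption: the email address is carried in NameID.
    name_id = root.findtext(".//saml:NameID", default="", namespaces=NS).strip()
    domain = name_id.rpartition("@")[2].lower()
    if domain not in {d.lower() for d in allowed_domains}:
        findings.append(f"email domain {domain!r} is not in {sorted(allowed_domains)}")
    return findings
```

On the constructed sample, the function reports a missing Recipient, a wrong Audience and an unbound email domain, which correspond to the last three rows of the table.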
