Overview
The "Invalid user" error appears during SSO login attempts for . It was caused by an incorrect public certificate in the SSO settings: the certificate configured there did not match the certificate Azure AD uses to sign SAML responses, so the responses could not be validated and the login was rejected.
The problem is resolved by updating the SSO configuration with the correct certificate taken from the Azure AD federation metadata. Once corrected, SSO login worked as expected and users were able to authenticate.
Information
Error Message: "Invalid user"
Cause: An incorrect public certificate in the SSO settings. The certificate configured did not match the Azure AD signing certificate published in the federation metadata, so signature validation of the SAML response failed and authentication was refused.
Resolution Steps:
- Verify SSO Configuration:
  - Ensure the SSO settings in are configured from the Azure AD federation metadata for the correct tenant and application.
- Update Public Certificate:
  - Fetch the current Azure AD signing certificate from the federation metadata URL:
    https://login.microsoftonline.com/<tenant_id>/federationmetadata/2007-06/federationmetadata.xml?appid=<app_id>
  - Extract the <X509Certificate> value from the XML. Take it from a <KeyDescriptor use="signing"> element under <IDPSSODescriptor>, not from an encryption key descriptor. The value is the base64-encoded DER certificate without PEM header lines. If more than one signing certificate is listed (for example during a certificate rollover), the SSO settings need the one Azure AD is currently signing with.
  - Update the SSO settings in with the correct certificate, adding the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines if the settings page expects PEM format.
- Test SSO Login:
  - Attempt to log in using SSO with a test account.
  - Verify successful redirection to the Microsoft login page and, after authentication, access to .
- Enable SSO for All Users:
  - Once confirmed, enable SSO for all users in the organization.
  - Set "Automatically enable new users" to "All" in the SSO/SAML settings.
- Verify Organization-Wide Access:
  - Confirm that all users can log in using SSO without issues.
Note: If issues persist, ensure the certificate is correctly formatted (a single base64 body, with or without PEM header lines as the settings page requires, and no stray whitespace) and that it matches the signing certificate currently published in the Azure AD federation metadata. The signing certificate changes when Azure AD rolls it over, so the SSO settings must be updated again after a rollover.
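The following is an added example, not code from the product or from Azure AD documentation, showing the certificate check described in the steps above: it parses a federation metadata document, keeps only the signing certificates under IDPSSODescriptor, converts them to PEM with fingerprints, and reports whether the certificate currently configured in the SSO settings is one of them. The metadata document, the certificate bytes and the all-zero tenant ID are constructed stand-ins; fetch_metadata() is an assumed helper that retrieves the real document from the URL given above.

```python
"""Added example: extract IdP signing certificates from SAML federation
metadata and check them against the certificate configured in the SP.
The metadata and certificate bytes here are constructed, not real data."""
import base64
import hashlib
import re
import urllib.request
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed stand-ins for the DER bytes of the IdP certificates. Real
# metadata carries the base64 of an actual X.509 certificate in the same place.
SAMPLE_SIGNING_DER = b"constructed-signing-cert-der-bytes-current"
SAMPLE_ROLLOVER_DER = b"constructed-signing-cert-der-bytes-next"
SAMPLE_ENCRYPTION_DER = b"constructed-encryption-cert-der-bytes"


def _b64(der: bytes) -> str:
    return base64.b64encode(der).decode("ascii")


# Constructed metadata shaped like an Azure AD federationmetadata.xml document:
# an IDPSSODescriptor with two signing KeyDescriptors (as seen during a
# certificate rollover) and one encryption KeyDescriptor. Tenant ID is a placeholder.
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{_b64(SAMPLE_SIGNING_DER)}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{_b64(SAMPLE_ROLLOVER_DER)}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <KeyDescriptor use="encryption">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{_b64(SAMPLE_ENCRYPTION_DER)}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def fetch_metadata(tenant_id: str, app_id: str) -> str:
    """Assumed helper: download the live metadata from the URL in the article."""
    url = (f"https://login.microsoftonline.com/{tenant_id}/federationmetadata"
           f"/2007-06/federationmetadata.xml?appid={app_id}")
    with urllib.request.urlopen(url, timeout=15) as resp:
        return resp.read().decode("utf-8")


def extract_signing_certs(metadata_xml: str) -> list:
    """Return the DER bytes of every certificate the IdP may sign with.
    A KeyDescriptor without a 'use' attribute is valid for both purposes per
    the SAML metadata spec, so it is kept; use="encryption" is skipped."""
    root = ET.fromstring(metadata_xml)
    certs = []
    for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":
            continue
        for node in kd.iterfind(".//ds:X509Certificate", NS):
            if node.text:
                certs.append(base64.b64decode("".join(node.text.split())))
    return certs


def to_pem(der: bytes) -> str:
    """Wrap DER bytes as PEM for SSO settings pages that expect header lines."""
    body = _b64(der)
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n"


def pem_to_der(configured: str) -> bytes:
    """Accept either PEM or the bare base64 body, with any line breaks."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", configured)
    return base64.b64decode("".join(body.split()))


def fingerprint(der: bytes, algo: str = "sha256") -> str:
    """Colon-separated uppercase digest of the DER bytes, for comparing by eye."""
    h = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))


def configured_cert_matches(configured: str, metadata_xml: str) -> bool:
    """True if the certificate in the SSO settings is a current IdP signing cert."""
    return pem_to_der(configured) in extract_signing_certs(metadata_xml)


if __name__ == "__main__":
    for der in extract_signing_certs(SAMPLE_METADATA):
        print("signing cert", fingerprint(der))
        print(to_pem(der))
    stale = to_pem(b"constructed-stale-cert-der-bytes")
    print("configured cert matches metadata:", configured_cert_matches(stale, SAMPLE_METADATA))
```

Against real data, replace SAMPLE_METADATA with fetch_metadata(tenant_id, app_id) and pass the certificate copied from the SSO settings page to configured_cert_matches(); a False result is the "Invalid user" condition described above, and the PEM printed for each signing certificate is what to paste into the settings.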