Can anyone please suggest when user can face this error? Received this while logging through SSO.
Please open a support ticket
yes that is correct.
Interesting. We had this issue yesterday as well. In cases where SSO randomly stops working, we usually do one/all of the following,
- try logging in using the SAML url which looks something like https://sdp.anaplan.com/frontdoor/saml/<tenant>saml
- ask the user the clear their cookies/cache or try via incognito mode to see if it's related to the browser, and
- I typically toggle their user account between SSO and exception user. When I toggle their account, I have them reset their password using the anaplan.com login, use that password to login once, the re-apply them as an SSO user and it seems to fix it (why this works, I have no idea).
If a user has just been setup and SSO doesn't work, we find it's usually a mismatch between the users email address in Anaplan vs active directory/Okta/your IDP (such as a maiden name or mispelling).
@VDPriya If the SSO login is not working only for a particular user, but other users can connect to Anaplan using the SSO, there could be other 3 possibilities:
1. The Anaplan user is blocked. A user is blocked after 5 consecutive unsuccessful attempts to connect to Anaplan. Unfortunately, there is no way to know exactly if a user is blocked as the error message is not helpful for this case. The user can be un-blocked by the Anaplan support by asking them to check and unblock the user ( email to [email protected] ). This could be the case if the user was able previously to connect to Anaplan via SSO.
2. The user is not correctly setup to connect via SSO. It is possible that the user needs to be part of a particular group in Active Directory in order to be able to connect to Anaplan via SSO. This should be known by who is in charge of the Anaplan SSO setup ( IT Department !?).
3. It is possible that in order to work the SSO authentication, the user needs to be first connected to some Company VPN. Check if this applies in your case.
It is always useful to use the direct link to connect via SSO (as @luke_e mentioned) to know for sure if the user really is not able to connect to Anaplan.
The direct link can be identified by an Anaplan Tenant Admin in the SSO setup section from the Administration menu.
Hope it helps!
@luke_e : flagging the user to be "exception user" in order to be able to reset their password and re-connect to Anaplan, force a user that it's blocked to un-block it.
This is another way to un-block a user by themselves and it works only for the non SSO users, without necessarily asking the Anaplan support to do it for you.
This is my empirical explanation of why does it work... 🙂
Hope it helps