Login Issue using SSO

Can anyone please suggest when a user can face this error? Received this while logging in through SSO.

 


 

Thank you!

 

Comments

  • Please open a support ticket

  • Can you please help me with how I can do that? Is it just emailing [email protected]?
  • Yes, that is correct.

  • Thanks a lot!
  • Interesting. We had this issue yesterday as well. In cases where SSO randomly stops working, we usually do one/all of the following:

    - try logging in using the SAML URL, which looks something like https://sdp.anaplan.com/frontdoor/saml/<tenant>saml

    - ask the user to clear their cookies/cache or try via incognito mode to see if it's related to the browser, and

    - I typically toggle their user account between SSO and exception user. When I toggle their account, I have them reset their password using the anaplan.com login, use that password to log in once, then re-apply them as an SSO user and it seems to fix it (why this works, I have no idea).

    If a user has just been set up and SSO doesn't work, we find it's usually a mismatch between the user's email address in Anaplan vs Active Directory/Okta/your IDP (such as a maiden name or misspelling).

  • Thank you for your response.

    But I have a query based on your response.

    1. How can I search in the active directory? Is this something I can search or IT team can do?
    2. And https://sdp.anaplan.com/frontdoor/saml/<tenant>saml. Does this use normal Anaplan username and password?
  • 1. How can I search in the active directory? Is this something I can search or IT team can do?
    This is typically an IT function. You'd need them to check whether the user's email in Anaplan matches whatever is stored in your organisation's identity provider. If the user was previously able to log in, I doubt this is the issue.

    2. And https://sdp.anaplan.com/frontdoor/saml/<tenant>saml. Does this use normal Anaplan username and password?
    I'd refer to this link which then has links to other relevant content, but no, this is for SSO users, but it is the direct link rather than going via the redirect your IDP typically provides.
     
    However, what's not clear from your post is whether this user could access Anaplan earlier without issue. If they could, I highly doubt these two items are relevant.
     
    As already mentioned, it'd be worth raising a support ticket with Anaplan if you're still unable to resolve, but I imagine they'll take you down a similar path to diagnose.
  • @VDPriya If the SSO login is not working only for a particular user, but other users can connect to Anaplan using the SSO, there could be 3 other possibilities:

    1. The Anaplan user is blocked. A user is blocked after 5 consecutive unsuccessful attempts to connect to Anaplan. Unfortunately, there is no way to know exactly if a user is blocked as the error message is not helpful for this case. The user can be un-blocked by Anaplan support by asking them to check and unblock the user (email to [email protected]). This could be the case if the user was previously able to connect to Anaplan via SSO.

    2. The user is not correctly set up to connect via SSO. It is possible that the user needs to be part of a particular group in Active Directory in order to be able to connect to Anaplan via SSO. This should be known by whoever is in charge of the Anaplan SSO setup (IT Department!?).

    3. It is possible that in order for the SSO authentication to work, the user needs to be first connected to some Company VPN. Check if this applies in your case.

    It is always useful to use the direct link to connect via SSO (as @luke_e mentioned) to know for sure if the user really is not able to connect to Anaplan.

    The direct link can be identified by an Anaplan Tenant Admin in the SSO setup section from the Administration menu.

    Hope it helps!

    Alex

  • @luke_e: flagging the user as an "exception user" in order to be able to reset their password and re-connect to Anaplan forces a user that is blocked to be un-blocked.

    This is another way for a user to un-block themselves, and it works only for the non-SSO users, without necessarily asking the Anaplan support to do it for you.

    This is my empirical explanation of why it works... 🙂

    Hope it helps

    Alex

  • Thank you Alex,

    The user has raised a ticket with the support team.
  • Thank you Luke,

    The user has raised a ticket with the support team.
  • Also, how much time does it take for the support team to respond to our concern?