Description
...
Once a user is returned from the Authorization Endpoint, the request will be logged showing any issues.
FAQ
Unable to get claims
Ask client to add a claim named UserID to return the user's email address.
First try checking Validate Issuer. The claims returned are affected by this setting.
User can't log in by SSO
If a user is unable to log in by SSO once enabled, first:
...
We don’t currently support IdP-Initiated SSO. This is where they would have an address for their SSO provider, e.g. inpay.es.rsmuk.com/payslipportal4/?sso=CompanyName
Unable to acquire token error
If they're using Azure (the metadata URL will start with login.microsoft...) then this can mean the client secret is incorrect or expired.
When requesting a new secret, a response like the following can be returned:
Value: <omitted>
Secret: c55c95b4-056f-4b0a-b6d6-18233b7c76d9
It is important to note that the value found for the "Value" field is the client secret. The value found for the "Secret" field is a GUID identifier for the secret, and SSO will not work if this is used as the client secret.
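A check for the mix-up described above, as an added example (not part of the original page or the product's code). It assumes the response arrives as "Field: value" lines as shown; all function names and the sample values are hypothetical and constructed for illustration.

```python
import re
from urllib.parse import urlparse

# GUID shape (8-4-4-4-12 hex), the form shown for the "Secret" identifier.
GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

# Constructed sample response; neither value is a real secret or identifier.
SAMPLE_RESPONSE = """Value: constructed-secret-value
Secret: 00000000-1111-2222-3333-444444444444"""


def looks_like_secret_id(value):
    """True when the value is GUID-shaped, i.e. probably the identifier."""
    return bool(GUID_RE.match(value.strip()))


def is_azure(metadata_url):
    """Diagnostic heuristic only: Azure metadata URLs start with login.microsoft"""
    host = urlparse(metadata_url).hostname or ""
    return host.startswith("login.microsoft")


def parse_secret_response(text):
    """Parse 'Field: value' lines into a dict keyed by lower-cased field name."""
    fields = {}
    for line in text.splitlines():
        key, sep, val = line.partition(":")
        if sep:
            fields[key.strip().lower()] = val.strip()
    return fields


def client_secret_from_response(text):
    """Return the "Value" field; never fall back to the "Secret" identifier."""
    value = parse_secret_response(text).get("value", "")
    if not value:
        raise ValueError('no "Value" field; the "Secret" GUID is not the client secret')
    if looks_like_secret_id(value):
        raise ValueError('"Value" is GUID-shaped; check the fields were not swapped')
    return value


def check_config(metadata_url, client_secret):
    """Return warnings for a stored SSO configuration (empty list when none)."""
    warnings = []
    if is_azure(metadata_url) and looks_like_secret_id(client_secret):
        warnings.append("client secret looks like the Secret identifier (GUID), not the Value")
    return warnings
```

A GUID-shaped secret is only a hint that the wrong field was copied; an expired secret cannot be detected from the stored value and still needs checking with the client.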