Multi-Provider SSO Auto Provisioning User

ssears · ‎03-14-2017

We have SSO up and running however the user provisioning is not working. The import set gets stuck in a loading state and the transform skips the record. In the logs I see we get an error message "SAML2: User: X not found: no thrown error".

I'm guessing it doesn't find the user because the import is getting stuck in a loading state. Any idea on what I can do to resolve this issue? or any more information I can provide for someone to help with this issue?

Thanks,

sergiu_panaite · ‎03-16-2017

Hi Shawn,

In the "X not found" , is "X" an email address?

I can think of one case where this could happen: an account that has an associated email address in the source (Active Directory, etc) but not an email address in sys_user table in ServiceNow.

I believe we do a query like this on authentication:

SELECT sys_user0.`sys_id` FROM sys_user sys_user0 WHERE sys_user0.`email` = 'X@X.Y'

ssears · ‎03-16-2017

Yes the X is an email address and the user is not in our sys_user table. My hope is that with the Auto Provisioning enabled in Service-Now that if the user attempting to login passes the authentication with Active Directory (ADFS) it would then create the user in the sys_user table. After attempting the login when I look at the import sets I can see one created for the import named u_imp_saml_user_zxs1n1jnjp that appears to be stuck in loading. (I have let it run for days)

As I typed this out I noticed the AD account I'm using to test is a bit odd in that the user ID and email is not exactly the same. Maybe that has something to do with it I will test another account today and post the results.

charmainetham1 · ‎12-01-2020

Hi there, did you manage to find a solution to this problem?