05-21-2019 12:59 PM
I'm trying to create an Identity Provider that authenticates to Azure. I've gotten most of the way there, but I'm stuck with the attached error screen and message.
Ensure that the user you are trying the test connection with is present in the system.
Ensure that 'User Field' property value corresponds to the value set in the IDP returned through 'Subject NameID' in the response.
From reading some other posts, I've been able to surmise that my SAML query isn't matching the expected authentication field for some reason. So if I'm looking for user_name from ServiceNow, I'm not getting user_name out of Azure or vice versa.
I've created the user in Azure and I've created the user in ServiceNow. So the user exists in both systems.
I'm really not sure what I'm supposed to do from here. I've attached my SSO configuration screen as well.
Any help is greatly appreciated!
Eric

05-21-2019 01:11 PM
Erico,
Try changing the NameID Policy to "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" and the User Field to "email". Let me know if that works.
-Joel R.
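To see why the suggested change works, here is an added diagnostic script (not code from this thread, ServiceNow or Azure) that does what the "test connection" error is complaining about: it decodes a SAML Response, pulls the Subject NameID value and its Format attribute, and checks whether that value would find exactly one row under the configured User Field. The SAML Response, the sys_user rows and the exact-match lookup are all constructed assumptions for the example; a real response is signed and must have its signature verified before the NameID is trusted.

```python
"""
Diagnose the "User Field does not match Subject NameID" SAML failure.
Constructed example: unsigned sample response, made-up sys_user rows.
"""
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
EMAIL_FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
UNSPECIFIED_FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# Minimal, unsigned SAML Response template (constructed for illustration only;
# a real IdP response carries a Signature that must be validated first).
RESPONSE_TEMPLATE = """<samlp:Response xmlns:samlp="{samlp}" xmlns:saml="{saml}" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Subject>
      <saml:NameID Format="{fmt}">{value}</saml:NameID>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

# Constructed sys_user rows. user_name and email differ on purpose: that is
# the situation that produces the error in the original post.
USERS = [
    {"user_name": "eric.b", "email": "eric@example.com"},
    {"user_name": "joel.r", "email": "joel@example.com"},
]


def build_response(value: str, fmt: str) -> str:
    """Build a constructed SAMLResponse, base64-encoded as in the POST binding."""
    xml = RESPONSE_TEMPLATE.format(samlp=NS["samlp"], saml=NS["saml"], fmt=fmt, value=value)
    return base64.b64encode(xml.encode("utf-8")).decode("ascii")


def extract_name_id(saml_response_b64: str):
    """Decode the POSTed SAMLResponse and return (NameID value, NameID Format)."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    node = root.find(".//saml:Assertion/saml:Subject/saml:NameID", NS)
    if node is None:
        raise ValueError("response carries no Subject NameID")
    # Per SAML 2.0, a missing Format attribute means 'unspecified'.
    return (node.text or "").strip(), node.get("Format", UNSPECIFIED_FMT)


def lookup_user(name_id: str, user_field: str, users=USERS):
    """Emulate the SP lookup: NameID must equal exactly one user's user_field.
    Exact, case-sensitive comparison is an assumption of this example, not a
    statement about how ServiceNow's real lookup behaves."""
    hits = [u for u in users if u.get(user_field) == name_id]
    return hits[0] if len(hits) == 1 else None


def diagnose(saml_response_b64: str, user_field: str, requested_policy: str):
    """Return the NameID seen, the user found (or None) and a list of problems."""
    value, fmt = extract_name_id(saml_response_b64)
    problems = []
    if fmt != requested_policy:
        problems.append(f"IdP returned Format {fmt}, but NameID Policy requests {requested_policy}")
    user = lookup_user(value, user_field)
    if user is None:
        problems.append(f"no unique user with {user_field} == {value!r}")
    return {"name_id": value, "format": fmt, "user": user, "problems": problems}


if __name__ == "__main__":
    resp = build_response("eric@example.com", EMAIL_FMT)
    # Original post: User Field = user_name while Azure sends the email -> fails
    print(diagnose(resp, "user_name", EMAIL_FMT))
    # Suggested fix: NameID Policy emailAddress and User Field = email -> matches
    print(diagnose(resp, "email", EMAIL_FMT))
```

Run it and the first call reports `no unique user with user_name == 'eric@example.com'` while the second finds the row. The same function also shows why the `unspecified` format can keep working elsewhere: `build_response("eric.b", UNSPECIFIED_FMT)` matches `user_name` because the IdP happened to put the login name in the NameID, so with `unspecified` the outcome depends entirely on what the IdP maps into that claim.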

05-21-2019 01:05 PM
So off the bat I see the IDP is not active; there is a link at the bottom of the form, I believe, to make it active. Also, you have to make sure you associate the IDP to the User record by putting "SSO:<sys_id of IDP>" in the SSO Source of the user record.
Hope this helps!
-Joel R.

12-30-2019 01:11 PM
I wanted to add that this fixed an issue we had after we renamed an instance. We renamed our sandbox and SSO broke. We only changed the URLs in both Azure and the ServiceNow instance, and it would not work. Our Azure server guy found this post and suggested we change our NameID Policy from "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" to your suggestion, and it fixed our issue. What is weird is that all of our other instances are still using "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" just fine!
Thank you!

06-02-2020 01:41 PM
You are welcome, glad I could be of assistance!