Error creating SSO with Azure

erico · ‎05-21-2019

I'm trying to create an Identity Provider that authenticates to Azure. I've gotten most of the way there, but I'm stuck with the attached error screen and message.

Ensure that the user you are trying the test connection with is present in the system.
Ensure that 'User Field' property value corresponds to the value set in the IDP returned through 'Subject NameID' in the response.

From reading some other posts, I've been able to surmise that my SAML query isn't matching the expected authentication field for some reason. So if I'm looking for user_name from ServiceNow, I'm not getting user_name out of Azure or vice versa.

I've created the user in Azure and I've created the user in ServiceNow. So the user exists in both systems.

I'm really not sure what I'm supposed to do from here. I've attached my SSO configuration screen as well.

Any help is greatly appreciated!

Eric

joel_ruiz1 · ‎05-21-2019

Erico,

Try changing the NameID Policy to "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" and the User Field to "email". Let me know if that works.

-Joel R.

View solution in original post

Amarjeet Pal · ‎05-13-2020

Hi Joel,

I have created user in Azure and I am facing the same issue as below. Do i need to create a user in service-now as well.

Please help!!

Thanks,

Amarjeet

Wayne Woodgate1 · ‎09-05-2024

I couldn't figure out why mine wasn't working, turns out the SAML:1.1 is still important where i expected it to be 2.0 across the board.

Thankfully this post still helped 5 years later!

Kawshal29 · ‎10-08-2025

I was facing the same issue while performing 'Test Connection'. This solution resolved my issue.

Thank you.

KS

erico · ‎05-22-2019

Joel -

Thanks for the solution! Can you explain to me "why" that change works?

Eric

joel_ruiz1 · ‎05-22-2019

Erico,

Those are the values that AzureAD and ServiceNow are passing to SAML to identify the user in each system, so they have to match.

Hope this helps and I'm glad that it worked!

-Joel R.