05-21-2019 12:59 PM
I'm trying to create an Identity Provider that authenticates to Azure. I've gotten most of the way there, but I'm stuck with the attached error screen and message.
Ensure that the user you are trying the test connection with is present in the system.
Ensure that 'User Field' property value corresponds to the value set in the IDP returned through 'Subject NameID' in the response.
From reading some other posts, I've been able to surmise that my SAML query isn't matching the expected authentication field for some reason. So if I'm looking for user_name from ServiceNow, I'm not getting user_name out of Azure or vice versa.
I've created the user in Azure and I've created the user in ServiceNow. So the user exists in both systems.
I'm really not sure what I'm supposed to do from here. I've attached my SSO configuration screen as well.
Any help is greatly appreciated!
Eric
05-21-2019 01:11 PM
Erico,
Try changing the NameID Policy to "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" and the User Field to "email". Let me know if that works.
-Joel R.
05-13-2020 09:58 PM
Hi Joel,
I have created a user in Azure and I am facing the same issue as below. Do I need to create a user in service-now as well?
Please help!!
Thanks,
Amarjeet
09-05-2024 02:48 AM
I couldn't figure out why mine wasn't working; turns out the SAML:1.1 is still important where I expected it to be 2.0 across the board.
Thankfully this post still helped 5 years later!
05-22-2019 05:26 AM
Joel -
Thanks for the solution! Can you explain to me "why" that change works?
Eric

05-22-2019 09:21 AM
Erico,
Those are the values that AzureAD and ServiceNow are passing to SAML to identify the user in each system, so they have to match.
Hope this helps and I'm glad that it worked!
-Joel R.
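
The match described in the reply above, as an added diagnostic example that is not part of the original thread and is not ServiceNow or Azure code: it reads the Subject NameID from a SAML assertion and checks whether that value resolves to exactly one user through the configured User Field. The sample assertion, the `USERS` table and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample assertion fragment (not captured from a real tenant).
# Diagnostic only: no signature or condition checks are performed here.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">eric@example.com</saml:NameID>
  </saml:Subject>
</saml:Assertion>
"""

# Constructed stand-in for the service provider's user table.
USERS = [{"user_name": "eric", "email": "eric@example.com"}]


def extract_name_id(assertion_xml):
    """Return (Format, value) of Subject/NameID from an assertion."""
    root = ET.fromstring(assertion_xml)
    node = root.find("saml:Subject/saml:NameID", NS)
    if node is None or not (node.text or "").strip():
        raise ValueError("assertion has no Subject NameID")
    return node.get("Format"), node.text.strip()


def diagnose(assertion_xml, user_field, users):
    """Report whether the NameID resolves to one user via user_field."""
    fmt, value = extract_name_id(assertion_xml)
    matches = [u for u in users if u.get(user_field) == value]
    if len(matches) == 1:
        return "ok", f"{user_field}={value!r} matched one user"
    if len(matches) > 1:
        return "ambiguous", f"{user_field}={value!r} matched {len(matches)} users"
    # No match: see whether the value is stored under a different field.
    other = sorted({k for u in users for k, v in u.items()
                    if k != user_field and v == value})
    hint = f"; value is present in field(s) {other}" if other else "; user not present"
    return "mismatch", f"NameID ({fmt}) {value!r} not found in {user_field}{hint}"


if __name__ == "__main__":
    for field in ("user_name", "email"):
        print(field, "->", diagnose(SAMPLE_ASSERTION, field, USERS))
```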
02-09-2023 11:49 PM
Troubleshooting checklist
Ensure that the Seamless SSO feature is enabled in Azure AD Connect.
If you have enabled both Azure AD Join and Seamless SSO on your tenant, ensure that the issue is not with Azure AD Join.
Ensure that the corporate device is joined to the Active Directory domain.
Regards,
Rachel Gomez