Error creating SSO with Azure

erico
Kilo Contributor

I'm trying to create an Identity Provider that authenticates to Azure.  I've gotten most of the way there, but I'm stuck with the attached error screen and message.

Ensure that the user you are trying the test connection with is present in the system.
Ensure that 'User Field' property value corresponds to the value set in the IDP returned through 'Subject NameID' in the response.

From reading some other posts, I've been able to surmise that my SAML query isn't matching the expected authentication field for some reason.  So if I'm looking for user_name from ServiceNow, I'm not getting user_name out of Azure or vice versa.

I've created the user in Azure and I've created the user in ServiceNow.  So the user exists in both systems.

I'm really not sure what I'm supposed to do from here.  I've attached my SSO configuration screen as well.

Any help is greatly appreciated!

Eric

 

1 ACCEPTED SOLUTION

joel_ruiz1
Tera Expert

Erico,

Try changing the NameID Policy to "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" and the User Field to "email". Let me know if that works.

-Joel R.

View solution in original post

9 REPLIES 9

Hi Joel,

I have created user in Azure and I am facing the same issue as below. Do i need to create a user in service-now as well.

 

Please help!!

 

Thanks,

Amarjeet

I couldn't figure out why mine wasn't working, turns out the SAML:1.1 is still important where i expected it to be 2.0 across the board.

Thankfully this post still helped 5 years later!

erico
Kilo Contributor

Joel - 

Thanks for the solution!  Can you explain to me "why" that change works?

Eric

Erico,

Those are the values that AzureAD and ServiceNow are passing to SAML to identify the user in each system, so they have to match.

Hope this helps and I'm glad that it worked!

-Joel R.

Rachel Gomez
Giga Expert

Troubleshooting checklist
Ensure that the Seamless SSO feature is enabled in Azure AD Connect. 
If you have enabled both Azure AD Join and Seamless SSO on your tenant, ensure that the issue is not with Azure AD Join. 
Ensure that the corporate device is joined to the Active Directory domain.

 

Regards,

Rachel Gomez