Summary
You may encounter errors when setting up Single Sign-On (SSO) in your Bynder portal. If you have followed the steps to set up SSO but are still having trouble logging in, please refer to the guide below to fix the problem.
Who?
This feature/solution requires your Customer Success Contact to enable, but then individual permissions can be done by the Bynder Admin.
Once enabled users with the Portal Settings or Manage Login Configuration permissions can create and manage SAML SSO profiles and flows.
Why?
Implementing SAML SSO can save a lot of time for users and administrators. SAML SSO's primary role in online security is that it enables you to access multiple web applications using one set of login credentials. Sometimes the implementation doesn't go as planned, and troubleshooting becomes necessary. Bynder assists in the troubleshooting process by providing SAML SSO logs.
How?
-
Navigate to Settings > Advanced Settings > Portal Settings.
-
Click Login Configuration on the left sidebar.
-
Select the SSO method that you would like to review.
-
Select Logs.
-
Here, you will see the list of login events.
-
Click Login failed to see the specific error.
-
Use the information in the table below to understand the issue.
SAML Response Validation
These errors correspond to invalid SAML configuration in the identity provider and Bynder platforms.
|
Error |
Description |
|---|---|
|
SSO disabled |
This SSO method is disabled in Bynder's login configuration. |
|
Invalid issuer |
Received "{received}" instead of the expected "{expected}," which is the configured value for Identity Provider Identifier. |
|
Invalid audience |
"{Received}" was not found in the audience restriction. |
|
Invalid signature |
The signature validation of the SAML response failed. The certificates in the SAML response and the SSO method configuration don't match. |
|
Response not signed |
No signature was found in the SAML response. The signature hasn't been set up in the identity provider. |
Google Specific Response Validation
These errors may happen specifically for Google SSO flows.
|
Error |
Description |
|---|---|
|
Domain not allowed |
User email is not included in the configuration's allowed domains |
|
SSO disabled |
This SSO method is disabled in Bynder's login configuration. |
|
Login failed |
Something went wrong, please try again later, and if the issue continues, contact Support. |
OpenID Specific Response Validation
|
Error |
Description |
|---|---|
|
SSO disabled |
This SSO method is disabled in Bynder's login configuration. |
|
Authorization endpoint |
The server denied the authorization request and may have provided more information. Error: "{error}," error description: "{error_description}." |
|
Token endpoint |
The server responded with a {status_code} status code and may have provided more information. Error: "{error}," error description: "{error_description}." |
|
JWKS endpoint |
Unable to retrieve the JSON Web Key Set from the configured JWKS URL. |
|
Invalid Token |
The token endpoint did not return a token, or the token is invalid. |
|
Userinfo endpoint |
The server responded with a {status_code} status code and may have provided more information. Error: "{error}," error description: "{error_description}." |
|
JWT |
The JWT returned by the token endpoint could not be validated against the retrieved JSON Web Key Set. |
Bynder Platform Specific Response Validation
|
Error |
Description |
|---|---|
|
Email not found |
No valid email was found in the attribute with the Name "{attribute}." or No valid email was found in the NameID value. |
|
First name not found |
No value was found in the attribute with First Name "{attribute}." |
|
Last name not found |
No value was found in the attribute with Last Name "{attribute}." |
|
Inactive user |
This user is currently deactivated and not allowed to log in. |
|
User not found |
The user does not exist and couldn't be created because, just in time, user provisioning is disabled in the SSO method configuration. |
|
Missing username |
No valid username was found in the attribute with the Name "{attribute}." |
|
Not enough seats |
Users could not be created because the maximum number of user seats for this type has been reached. |
FAQs
What if none of these fixes my issue?
If this guide does not fix the issue please contact Bynder Customer Support. Make sure to provide as much detail as possible, including visuals, and fixes attempted.
Related Articles
Level: Expert
Expert-level articles are for users who have significant prior Bynder knowledge. These articles require you to know a lot of Bynder information and may also require higher-level portal rights to accomplish the task outlined within the article.