SSO Troubleshooting – What can “break” SSO?

Below are some of the common problems you might encounter with SSO. If you think your SSO has stopped working, please contact the Client Support Team for support and guidance.

1.  Mismatched emails

If a user’s email address does not match the email address held against their corresponding Citation HR Software user profile, SSO will not work.

2.  Changing user data in the IdP

The IdP and Citation HR Software are configured to exchange information. If you change the settings in one without testing that the authentication flow still works as expected, this could cause an issue if the data can no longer sync up. If you have made a change and want to test that the authentication flow is still working as it should, please contact Client Support.

3.  If a current user is already linked to a record

If an eSS user is already linked to a record, Citation HR Software will not (usually) point the new user to that record. The exception to this is that when you have a non-SSO user referring to a record, Citation HR Software will update that user to become an SSO user. This means that candidates who sign up with their personal email addresses but later become employees will need to have their user profile updated with their new work email addresses.

4.  Deleting users

If you are deleting a user from your system, you will also need to delete them from Citation HR Software. SAML only tells us that a valid user is logging in; it doesn’t tell us that a user no longer exists.

Before deleting a record, please ensure that you first review and store all important data and documentation tracked against the record.

5.  Skewed clocks

SAML requests and responses are valid for a limited length of time, and your IdP and our servers need to be in rough agreement on the current time to ensure that the period of validity matches. We use NTP to keep our servers’ clocks current, and you should do the same!
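
To tell a skewed clock apart from other SSO failures, compare a machine's clock with the validity window in an assertion you have captured. This is an added example, not Citation HR Software's own code: it assumes the window is carried in the standard SAML 2.0 `<Conditions>` attributes `NotBefore` and `NotOnOrAfter`, and the sample assertion and the `allowed_skew` tolerance are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample (not captured from a real IdP): a five-minute window.
SAMPLE_ASSERTION = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    '<saml:Conditions NotBefore="2024-05-01T09:00:00Z"'
    ' NotOnOrAfter="2024-05-01T09:05:00Z"/>'
    "</saml:Assertion>"
)


def parse_instant(value):
    """Parse a SAML xs:dateTime; SAML times are UTC, so default to UTC."""
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def check_validity(assertion_xml, local_now, allowed_skew=timedelta(0)):
    """Return (status, offset) for local_now against the assertion window.

    Diagnostic only: the signature is not verified, so run this on an
    assertion you captured yourself, never as an authentication decision.
    """
    root = ET.fromstring(assertion_xml)
    cond = root.find(".//saml:Conditions", SAML_NS)
    if cond is None:
        raise ValueError("no <Conditions> element found")
    not_before = cond.get("NotBefore")          # both attributes are optional
    not_on_or_after = cond.get("NotOnOrAfter")
    if not_before is not None:
        start = parse_instant(not_before)
        if local_now < start - allowed_skew:
            # Local clock is behind the IdP: the assertion looks "from the future".
            return "not_yet_valid", start - local_now
    if not_on_or_after is not None:
        end = parse_instant(not_on_or_after)
        if local_now >= end + allowed_skew:
            # Local clock is ahead of the IdP, or the response arrived too late.
            return "expired", local_now - end
    return "valid", timedelta(0)


if __name__ == "__main__":
    behind = datetime(2024, 5, 1, 8, 58, 30, tzinfo=timezone.utc)
    print(check_validity(SAMPLE_ASSERTION, behind))
    print(check_validity(SAMPLE_ASSERTION, behind, timedelta(minutes=2)))
```

Pass a timezone-aware `local_now`, such as `datetime.now(timezone.utc)`. A large `not_yet_valid` or `expired` offset on a freshly issued assertion points at clock drift rather than a configuration error.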

 
