Purpose of this document
This document describes the account creation process for an SSO user and highlights the most common reasons it fails.
Account creation depends on the configured IdP (Identity Provider) sending an appropriate SAML (Security Assertion Markup Language) message to Vyopta. For the SAML requirements, see SSO (Single Sign On) Support for Vyopta Cloud.
Assuming that the message is acceptable and contains the relevant group information, one of the following will take place:
- Any existing Vyopta account with the specified username will be logged in with the permissions appropriate to the group information sent.
- If the account does not exist, it will be created and granted the appropriate permissions.
There are two primary scenarios that cause issues with the process specified above:
- The group information sent is not correct.
- The user was previously configured, but has been deleted.
The first scenario needs to be addressed so that the SAML message is acceptable to Vyopta.
The second is easily addressed from the Vyopta administrative portal as follows:
Navigate to the 'Users' section of the administrative portal, and select the 'recycle bin':
- In the search box, enter the user name and search
- Select the checkbox for the user
- Click on the 'Restore Selected' button
This will restore the user to an active state, and enable login if the SAML message permits.
If a user has previously been deleted, you must take the above actions to recover the user. Because the account was actively deleted, Vyopta cannot automatically restore it, for security reasons.
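For the first scenario (incorrect group information), the following is an added diagnostic example, not Vyopta's code: it decodes a captured SAMLResponse and reports whether the group attribute carries an expected group. The attribute name `groups`, the group names and the sample response are constructed assumptions; the names Vyopta actually requires are in the SSO support document referenced above.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample response; "groups" and the group names are hypothetical.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="groups">
        <saml:AttributeValue>video-admins</saml:AttributeValue>
        <saml:AttributeValue>all-staff</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def saml_attributes(b64_response):
    """Decode a base64 SAMLResponse (HTTP-POST binding) into {name: [values]}.

    Diagnostic only: no signature or condition checks are performed, and an
    encrypted assertion exposes no attributes to this parser.
    """
    root = ET.fromstring(base64.b64decode(b64_response))
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def check_groups(b64_response, group_attr, expected_groups):
    """Return (ok, detail) describing whether usable group information was sent."""
    attrs = saml_attributes(b64_response)
    if group_attr not in attrs:
        return False, f"attribute {group_attr!r} missing; IdP sent {sorted(attrs)}"
    sent = [g for g in attrs[group_attr] if g]
    matched = sorted(set(sent) & set(expected_groups))
    if not matched:
        return False, f"no expected group among {sent}"
    return True, f"matched {matched}"


if __name__ == "__main__":
    print(check_groups(SAMPLE_B64, "groups", {"video-admins"}))
    print(check_groups(SAMPLE_B64, "memberOf", {"video-admins"}))
```

Run it only against a response captured from your own login attempt, and treat the captured value as sensitive because it identifies the user.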