👋 Next.js Conf 2024: Come build, party, run, and connect with us! See all events

SAML configuration issue causing new accounts to be created instead of logging into the intended account.

18 replies
Last updated: Sep 7, 2022
Struggling with a SAML issue. We seem to be configured correctly but when I logged in it created a brand new account rather than tieing to the user/org/project that we were configuring it for.. What did we do wrong?
Aug 23, 2022, 8:46 PM
Hey User! To double check, are you on an enterprise level plan?
Aug 23, 2022, 8:50 PM
We are on the Business plan.
Aug 23, 2022, 9:08 PM
Happy to share any info that might have a bearing on this.
Aug 23, 2022, 9:09 PM
Got it! Just checking that it wasn't a plan-level error. Is this happening when logging into a Studio or into sanity.io/manage ?
Aug 23, 2022, 9:59 PM
Well we ask our iDP to push us through. There isn't a login url specified. I would expect to land in manage -- I think folks can pivot to studio from there can't they? (Total Noob alert)
Aug 23, 2022, 10:10 PM
I updated the Login URL to /manage but it still logs me into the "fake" account not the "real" account
Aug 23, 2022, 10:35 PM
Does the fake account have the same login information as the real account but use a different provider?
Aug 23, 2022, 10:38 PM
So they both have the same email address firstname and lastname. The "fake" account was created on the fly the first time I tried to login using SAML.
Aug 23, 2022, 10:49 PM
We only have one SAML provider...
Aug 23, 2022, 10:49 PM
Can you share your SAML set up? You can DM me if you're like to keep it private.
Aug 24, 2022, 3:18 PM
Woops I was away this morning.Sure -- Thanks! I'lldo that now.
Aug 24, 2022, 7:56 PM
Just checking in this morning. Anyone have any ideas?
Aug 26, 2022, 4:09 PM
Thank you for being so patient as we worked to find a solution for you. This is not an issue with your SAML configuration after all. This is the intended behavior when using a new authentication provider to log into the Studio (even if it's using the same email address and information). There's no way to configure SAML to work around this.
Aug 31, 2022, 10:23 PM
So how do I get SAML to log folks into our actual corporate account?
Sep 1, 2022, 3:03 PM
Like with other new user accounts, you need to invite the account to the project. The invitee would then need to log in with SAML and accept that invite. You can then delete the old account.
Sep 2, 2022, 3:50 PM
Sooo. That seems to be the case also forMY account how does that "owner/Admin" permission get tranferred?This is most odd...
Sep 7, 2022, 8:15 PM
user M
So we find that there is no way to do that either until the intended user has Deleted their original account. That is not going to work is it?Why isn't there a way to connect to the existing account or choose auth methods as the admin?
Sep 7, 2022, 8:49 PM
-- Sorry if I am getting a little whiny.
Sep 7, 2022, 8:49 PM

Sanity– build remarkable experiences at scale

Sanity is a modern headless CMS that treats content as data to power your digital business. Free to get started, and pay-as-you-go on all plans.

Was this answer helpful?