...
When a value was copied incorrectly, It can lead to incorrect configuration. To address this issue, you can double check the federation values, both in your IdP's SAML configuration and in the SSO Portal. You can also validate them in the SAML response your IdP returns to Infoblox. You can see these requests/responses in the developer network tools of your browser when a user attempts to log in to the Infoblox Cloud Services Portal.
Check the SAML authentication response, if possible, to validate the following configuration:
...
When you enable IdP Group Mapping, only users that are members of your specified IdP groups are allowed to be added to the Infoblox Cloud Services Portal. If your IdP group mapping is set up but does not include your IdP's groups as an attribute in the SAML response, your users will not be able to access the Infoblox Cloud Services Portal.
| Note | ||
|---|---|---|
| ||
| If users existed in the Infoblox Cloud Services Portal before the SAML 2.0 federation, the IdP Group Mapping will not change the groups to which they belonged in the Cloud Services Infoblox Portal. The users will be able to sign in normally. However, if the users did not exist in the Infoblox Cloud Services Portal before the federation, configuring IdP Group Mapping is the only way to connect the IdP users to your Infoblox Cloud Services Portal account, Hence, if your IdP users are not part of any IdP groups in your IdP Group Mapping, they will not have access to the Infoblox Cloud Services Portal. |
You can check your IdP's SAML authentication response, if possible, to validate the presence of this element: <saml:Attribute Name="groups">, which contains the desired groups listed within the element