Troubleshoot Issues with Identity Provider Setup
This information will help you to resolve common issues when setting up a new identity provider (IdP).
If you are just getting started with identity provider setup, see Add Identity Providers.
Viewing Errors from the API
As an administrator, you can view failures via the API endpoint /api/v1/orgs/:org_id/ssos/:sso_id/failures.
Error: Invalid Certificate
Problem
This error message appears during IdP setup on the Organization Settings page of the Juniper Mist™ portal.
Cause
This error indicates that the Certificate field in the IdP window is missing required information, such as the header and footer.
Solution
Download the certificate, copy the full text of the certificate (including the header and footer), and paste the full text into the Certificate field on the IdP window.
First-Time Login Issues
Problem
This issue occurs when users are logging in to the Juniper Mist portal for the first time.
Cause
The first time that someone logs in, they need to use the SSO URL or another IdP-initiated login method. This step is necessary to establish a user's Juniper Mist account as an SSO account. After that, users can use the SSO URL or go directly to the Juniper Mist portal (manage.mist.com).
Solution
Advise users to use the SSO URL or another IdP-initiated login method the first time that they log in to the Juniper Mist portal.
Error: Email Already Taken
Problem
This error appears during login. It indicates that the user already has a Juniper Mist account. Typically, this error occurs when someone is trying to use the same email address for a local Juniper Mist account and an SSO account.
Solution
Consider deleting the user's local account on the Juniper Mist portal. A Juniper Mist organization requires only one local account. For all other users, a local account is not necessary. They can delete their local accounts, and this will resolve the "email already taken" issue.
Another option is to set up the two accounts (local and SSO) with different email addresses.
Missing User Names
Problem
In this scenario, the user name is not showing up in the Juniper Mist portal.
Cause
This issue occurs when the SAML configuration is missing the FirstName, LastName, Role, and Name ID attributes.
Solution
In the IdP portal, update the SAML configuration to include the missing attributes.
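One way to confirm which of these fields is missing is to check a captured, base64-decoded SAML response from the IdP before changing its configuration. This is an added example, not Juniper's code; the function name, the constructed sample XML, and the exact, case-sensitive matching of attribute names are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED_ATTRIBUTES = ("FirstName", "LastName", "Role")  # attribute names from this page

# Constructed sample: NameID and FirstName are set, LastName is empty, Role is absent.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject><saml:NameID>user@example.com</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="FirstName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="LastName"><saml:AttributeValue></saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def missing_saml_fields(xml_text):
    """Return the required fields that are absent or empty in a decoded SAML response.

    Hypothetical helper: matches attribute names exactly (assumption).
    """
    # SAML messages never need a DTD; refusing one avoids entity expansion in the parser.
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DOCTYPE is not allowed in SAML XML")
    root = ET.fromstring(xml_text)
    missing = []

    # Name ID is carried in the Subject element, not as an Attribute.
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        missing.append("NameID")

    # Record, per attribute name, whether at least one non-empty value was sent.
    present = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        name = attr.get("Name")
        present[name] = present.get(name, False) or any(values)

    missing.extend(n for n in REQUIRED_ATTRIBUTES if not present.get(n))
    return missing


if __name__ == "__main__":
    print(missing_saml_fields(SAMPLE))
```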