SSO and login

SSO, login loop, callback error, or expired session.

When to use

  • Looping login.

  • SSO returns error after authenticating at the IdP.

  • User authenticates but does not have access to the project.

Quick checklist (2 min)

  1. Test in an incognito/private window.

  2. Clear cookies for the domain.

  3. Confirm the user is in the correct tenant/organization.

Diagnosis

1) Permissions vs authentication

  • Authenticated but does not see resources: usually permission/group related.

  • Not authenticated: usually SSO/callback configuration.

2) Callback and redirect URI

  • Confirm that the redirect/callback URL from the IdP matches exactly what is configured.

  • Check for differences in http/https or domain.
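
One way to run the exact-match check above, as an added example that is not part of the original page: it compares the configured callback URL with the one observed in a failed login and names the component that differs. The function name and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit


def redirect_uri_diff(configured: str, observed: str) -> list[str]:
    """List why `observed` is not an exact string match for `configured`."""
    if configured == observed:
        return []
    a, b = urlsplit(configured), urlsplit(observed)
    findings = []
    if a.scheme != b.scheme:
        findings.append(f"scheme: {a.scheme} vs {b.scheme}")
    # .hostname is lowercased by urlsplit, so this catches real host changes.
    if a.hostname != b.hostname:
        findings.append(f"host: {a.hostname} vs {b.hostname}")
    # An explicit default port (:443) still breaks a literal comparison.
    if a.port != b.port:
        findings.append(f"port: {a.port or 'default'} vs {b.port or 'default'}")
    if a.path != b.path:
        if a.path.rstrip("/") == b.path.rstrip("/"):
            findings.append("path: trailing slash differs")
        elif a.path.lower() == b.path.lower():
            findings.append("path: letter case differs")
        else:
            findings.append(f"path: {a.path} vs {b.path}")
    if a.query != b.query:
        findings.append(f"query: {a.query!r} vs {b.query!r}")
    if not findings:
        # Components parse as equal, yet the raw strings are not identical.
        findings.append("literal strings differ (scheme/host letter case or similar)")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    configured = "https://app.example.com/auth/callback"
    observed = "http://app.example.com/auth/callback/"
    for finding in redirect_uri_diff(configured, observed):
        print("MISMATCH", finding)
```

An empty result means the two strings are identical, so the cause lies elsewhere in the checklist.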

3) Clock skew and expiration

  • Do tokens expire quickly?

  • Do errors vary by user/machine?

How to resolve (patterns)

  • Loop: clear cookies and review domain/callback.

  • 403 after login: adjust groups/roles and claim mapping.

  • Error only in one browser: an extension is blocking cookies/third-party cookies.

When to escalate

  • All users in an org fail.

  • Reproducible callback error.

  • Recent change in IdP (certificate/metadata) causing widespread breakage.
