Advocacy: I get an "Oops" error with SAML SSO. Why?

The Employee Advocacy platform articles are relocating! Please visit the new Employee Advocacy platform knowledge base to continue reading these articles in the future.

An "Oops" error might indicate that the email attribute in the SAML assertion is wrongly configured or missing.

There must be an attribute with the "EmailAddress" name in the SAML Assertion. Haiilo needs this attribute to identify the user who is logging in. "EmailAddress" is the exact attribute name that is expected: it is case-sensitive and should not have any prefixes inside the name. 

Entra ID tends to add the 'http://schemas...' prefix to all assertion attributes by default but it should not be in the "EmailAddress" attribute. It should be displayed like this:

Screenshot_2020-11-24_at_12.26.42.png

Any prefixes before "EmailAddress" must be removed from the IdP's configuration to successfully integrate with Haiilo.

Was this article helpful?