SSO Signout Loop

BingBong221 1 Reputation point
2022-09-29T18:59:39.807+00:00

I have an Enterprise App set up for SSO, and it seems to work fine with external/guest accounts that are on Azure, but Google Workspace users seem to be problematic. Once the invite is sent out and accepted, I can log in to portal.office.com with the guest account. Now when I go to my SSO-enabled app (Zendesk), I go through the process of authentication and instead of signing in, it signs me out every time. I can see the sign-in logs indicating a successful login, but I'm puzzled as to why it's signing me out every time. Any help would be appreciated!

Microsoft Entra ID

1 answer

  1. Marilee Turscak-MSFT 33,801 Reputation points Microsoft Employee
    2022-10-04T19:43:59.713+00:00

    Hi @BingBong221 ,

    Thanks for your post! Normally this issue has to do with configuration on the application side. Your app registration configuration needs to match what you have configured in the application itself. Specifically, you need to compare the Client/Application ID, Reply URLs, Client Secrets/Keys, and App ID URI.

    Zendesk offers a few solutions for this particular issue on their troubleshooting page:

    1) Look at the Access Consumer Service (ACS) URL to see if there is a / at the end of the address. If there is, remove it.

    2) This issue commonly occurs if there has been an update or change to the server's SSL Certificate. If the certificate has a new fingerprint, you need to update the existing one from your support account.

    You can reach Zendesk support here.

    Otherwise, there might be something configured on the app side that needs to be corrected. I would recommend studying a Fiddler trace of the complete login process to find out where exactly this is going wrong.

    You can check the Problems signing in to SAML-based Single Sign-On configured apps guide for additional steps to diagnose the issue.

    If the above steps don't work, I'll be happy to help troubleshoot.

    -
    If the information helped you, please accept the answer. This will help us and other community members as well.

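The two checks from the answer above (ACS URL trailing slash, changed certificate fingerprint) can be run against the `SAMLResponse` form value copied out of a login trace. This is an added example, not code from the thread, Microsoft or Zendesk; the function names, the `sp.example.com` URL, the placeholder certificate bytes and the SHA-256 default are assumptions.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = {"ds": "http://www.w3.org/2000/09/xmldsig#"}

def normalize_fp(fp):
    """Strip colons/spaces and lowercase so 'AB:CD' and 'abcd' compare equal."""
    return fp.replace(":", "").replace(" ", "").lower()

def check_saml_response(b64_response, configured_acs, configured_fp, algo="sha256"):
    """Compare a captured SAMLResponse with the app-side settings; return mismatches."""
    # Input is your own captured trace; use a hardened parser for untrusted XML.
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    dest = root.get("Destination", "")
    if dest != configured_acs:
        only_slash = dest.rstrip("/") == configured_acs.rstrip("/")
        problems.append("ACS URL mismatch: response Destination=%r, configured=%r%s"
                        % (dest, configured_acs,
                           " (differs only by a trailing '/')" if only_slash else ""))
    cert = root.find(".//ds:X509Certificate", DS)
    if cert is None or not (cert.text or "").strip():
        problems.append("response carries no X509Certificate to fingerprint")
    else:
        # The fingerprint is a hash over the DER bytes of the signing certificate.
        der = base64.b64decode("".join(cert.text.split()))
        actual = hashlib.new(algo, der).hexdigest()
        if actual != normalize_fp(configured_fp):
            problems.append("certificate fingerprint mismatch: response=%s, configured=%s"
                            % (actual, normalize_fp(configured_fp)))
    return problems

# Constructed sample: placeholder bytes stand in for the DER certificate, and
# sp.example.com is a made-up service provider, not a real tenant.
FAKE_DER = b"constructed placeholder, not a real X.509 certificate"
SAMPLE_B64 = base64.b64encode((
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" '
    'Destination="https://sp.example.com/saml/acs">'
    "<ds:Signature><ds:KeyInfo><ds:X509Data><ds:X509Certificate>"
    + base64.b64encode(FAKE_DER).decode()
    + "</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>"
    "</samlp:Response>").encode()).decode()

if __name__ == "__main__":
    stale_fp = hashlib.sha256(b"previous certificate").hexdigest()
    for p in check_saml_response(SAMPLE_B64, "https://sp.example.com/saml/acs/", stale_fp):
        print(p)
```

Pass `algo="sha1"` if the application stores a SHA-1 fingerprint instead.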