You've set up a Lansweeper Cloud Site and enabled SSO, but when users from your domain attempt to log in, they are prompted to create a new Lansweeper Cloud Site instead of joining your existing one. 
What could be happening?
If users are being prompted to create a site, this means that they have not yet been invited to join an existing site. To invite users to your site, follow the instructions in the following article:
In Summary
All users needing Lansweeper Cloud Site access where SSO is enabled are required to:
Single Sign-On (SSO) integration can streamline access to Lansweeper Sites, but misconfigurations or incomplete setups may lead to issues.
This article provides a comprehensive list of common SSO-related errors, their causes, and step-by-step solutions to resolve them effectively. Whether it's verifying domains, resolving login issues, or troubleshooting configuration mismatches, you'll find actionable guidance to ensure a seamless SSO experience.
1. Error in your email verification
Message: Your email verification is still pending, please verify now. Click here to resend email.
Cause: Manual email verification is not required/expected/possible.
Solution: When SSO is set up for Lansweeper Sites, it needs to be configured with the attribute email_verified = true. For more information on how to set up Lansweeper SSO, see Set up Lansweeper SSO.
 
2. Oops! Something went wrong
Message: There could be a misconfiguration in the system or a service outage.
Possible cause: You are trying to log in from your IdP, but the setting "Enable IdP-initiated single sign-on" is not enabled in Lansweeper settings.
Solution: Enable the "IdP-initiated single sign-on" option in Lansweeper's SSO connection settings.
 
3. Prompt to create a new Site when SSO is enabled
Cause: Users from a domain where SSO is set up are prompted to create a new site because they need to be invited to the Site and accept the invitation within 24 hours.
Solution: Cancel any pending invitations and send new invitations to affected users. For more details, see SSO Users Are Prompted to Create a New Lansweeper Site.
 
4. Continuous loop or page refresh on the sign-in screen
Cause: The Sign-In URL is incorrect in your Lansweeper SSO setup.
Solution: Copy the Login URL from your app’s SSO configuration and paste it into the Sign-In URL field in Lansweeper’s SSO Connection settings.
 
5. Account Linking Was Not Completed
Message: "Account linking was not completed. Please log in with SSO and try to link your accounts again. If the problem persists, contact your administrator."
Cause: Failure to link multiple identities on the Lansweeper side.
Solution: Log a support portal case and provide the email address associated with the multiple identities so the support team can resolve the issue by merging them.
 
6. Cisco Duo issue: missing email attribute
Message: "Your identity provider is not sending your email, so we cannot complete your access to Lansweeper. Contact your administrator to adjust the settings."
Cause: Incorrect or missing mapped attribute.
Solution: Under Map Attributes, set the IdP attribute <E-mail Address> to the SAML Response attribute email.
 
7. Domain verification fails after creating a TXT record
Message: "The domain could not be verified successfully."
Cause: The DNS TXT record may not have been created correctly.
Solution:
 
8. Audience is invalid
Message: "Audience is invalid. Configured: urn."
Cause: A mismatch between the Entity ID in Lansweeper’s SAML connection and the IdP settings.
Solution: Add the Entity ID from Lansweeper’s SSO setup to the Audience Restriction field in your IdP’s SAML settings.
 
9. Error creating the connection
Possible cause: Web filtering may block the upload of the certificate file, causing an error in the UI.
Solution:
- 
Open developer tools in your browser: 
- Chrome: Right-click and select Inspect.
- Firefox: Go to Web Developer > Toggle Tools.
- Edge: Go to More Tools > Developer Tools.
 
- Attempt to create the SSO connection again and capture network traffic for troubleshooting.
- Log a support portal case and include error messages or network request details.
 
10. AADSTS700016: Application not found
Message: "Sorry, but we're having trouble signing you in."
Cause: Mismatch between the Entity ID in Lansweeper’s setup and Azure AD SSO configuration.
Solution: Verify that the Entity ID in Lansweeper matches the corresponding field in your IdP’s SSO app.
 
11. "SSO is not enabled for your domain"
Message: You successfully configured and tested SSO but still receive an error when logging in with your email address.
Cause: The incorrect domain may be enabled for SSO.
Solution: Ensure the correct domain name is enabled under Settings > Single Sign-On in your Lansweeper Site.
 
12. Invalid thumbprint error
Message: "Invalid thumbprint."
Cause: A bug in Lansweeper Sites causes Azure-generated certificates to fail.
Solution:
- Generate a new certificate in Azure AD.
- Export the certificate in PEM format.
- Import the PEM certificate into Lansweeper’s SSO configuration.
 
Additional tips and tricks