This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Troubleshoot common SSO errors in Lansweeper Sites

‎12-19-2024 12:00 PM

Single Sign-On (SSO) integration can streamline access to Lansweeper Sites, but misconfigurations or incomplete setups may lead to issues.

This article provides a comprehensive list of common SSO-related errors, their causes, and step-by-step solutions to resolve them effectively. Whether it's verifying domains, resolving login issues, or troubleshooting configuration mismatches, you'll find actionable guidance to ensure a seamless SSO experience.

1. Error in your email verification

Message: Your email verification is still pending, please verify now. Click here to resend email.
Cause: Manual email verification is not required/expected/possible.
Solution: When SSO is set up for Lansweeper Sites, it needs to be configured with the attribute email_verified = true. For more information on how to set up Lansweeper SSO, see Set up Lansweeper SSO.

 

2. Oops! Something went wrong

Message: There could be a misconfiguration in the system or a service outage.
Possible cause: You are trying to log in from your IdP, but the setting "Enable IdP-initiated single sign-on" is not enabled in Lansweeper settings.
Solution: Enable the "IdP-initiated single sign-on" option in Lansweeper's SSO connection settings.

 

3. Prompt to create a new Site when SSO is enabled

Cause: Users from a domain where SSO is set up are prompted to create a new site because they need to be invited to the Site and accept the invitation within 24 hours.
Solution: Cancel any pending invitations and send new invitations to affected users. For more details, see SSO Users Are Prompted to Create a New Lansweeper Site.

 

4. Continuous loop or page refresh on the sign-in screen

Cause: The Sign-In URL is incorrect in your Lansweeper SSO setup.
Solution: Copy the Login URL from your app’s SSO configuration and paste it into the Sign-In URL field in Lansweeper’s SSO Connection settings.

 

5. Account Linking Was Not Completed

Message: "Account linking was not completed. Please log in with SSO and try to link your accounts again. If the problem persists, contact your administrator."
Cause: Failure to link multiple identities on the Lansweeper side.
Solution: Log a support portal case and provide the email address associated with the multiple identities so the support team can resolve the issue by merging them.

 

6. Cisco Duo issue: missing email attribute

Message: "Your identity provider is not sending your email, so we cannot complete your access to Lansweeper. Contact your administrator to adjust the settings."
Cause: Incorrect or missing mapped attribute.
Solution: Under Map Attributes, set the IdP attribute <E-mail Address> to the SAML Response attribute email.

 

7. Domain verification fails after creating a TXT record

Message: "The domain could not be verified successfully."
Cause: The DNS TXT record may not have been created correctly.
Solution:

  • Ensure the TXT record is created at the root of your domain (not a subdomain).
    For example:

    Type 

    Domain

    TTL

    Record

    TXT

    http://lansweeper.com/

    30 min

    09FB543B8C...

  • Confirm the DNS record is publicly visible using a tool like MxToolbox.

 

8. Audience is invalid

Message: "Audience is invalid. Configured: urn."
Cause: A mismatch between the Entity ID in Lansweeper’s SAML connection and the IdP settings.
Solution: Add the Entity ID from Lansweeper’s SSO setup to the Audience Restriction field in your IdP’s SAML settings.

 

9. Error creating the connection

Possible cause: Web filtering may block the upload of the certificate file, causing an error in the UI.
Solution:

  1. Open developer tools in your browser:

    • Chrome: Right-click and select Inspect.
    • Firefox: Go to Web Developer > Toggle Tools.
    • Edge: Go to More Tools > Developer Tools.
  2. Attempt to create the SSO connection again and capture network traffic for troubleshooting.
  3. Log a support portal case and include error messages or network request details.

 

10. AADSTS700016: Application not found

Message: "Sorry, but we're having trouble signing you in."
Cause: Mismatch between the Entity ID in Lansweeper’s setup and Azure AD SSO configuration.
Solution: Verify that the Entity ID in Lansweeper matches the corresponding field in your IdP’s SSO app.

 

11. "SSO is not enabled for your domain"

Message: You successfully configured and tested SSO but still receive an error when logging in with your email address.
Cause: The incorrect domain may be enabled for SSO.
Solution: Ensure the correct domain name is enabled under Settings > Single Sign-On in your Lansweeper Site.

 

12. Invalid thumbprint error

Message: "Invalid thumbprint."
Cause: A bug in Lansweeper Sites causes Azure-generated certificates to fail.
Solution:

  1. Generate a new certificate in Azure AD.
  2. Export the certificate in PEM format.
  3. Import the PEM certificate into Lansweeper’s SSO configuration.

 

Additional tips and tricks

  • By default, the user who sets up SSO for a domain becomes the SSO Connection Manager. To add additional managers, follow the instructions here.


Was this post helpful? Leave a Kudo!
Did you have a similar issue and a different solution? Share your work in the comments below and help your fellow IT Hero's!
More questions? Browse our  Quick Tech Solutions  or  Community Forum.


If you can't find what you're looking for, create a post in our Community Forum.


0 Kudos

About the author

anniep
Lansweeper Tech Support
23 13 0
View Profile

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now
Popular Articles
li.common.scroll-to.top