Problem Statement
After enabling and enforcing Single Sign-On (SSO), new users who authenticate via SSO for the first time are prompted to either link their SSO identity to an existing Lansweeper account or create a new account. When the user selects Create a new account, the sign-in process completes successfully; however, the user does not gain access to our Lansweeper Cloud site and is unable to view or access our environment.
Solution
This behavior is expected. Single Sign-On (SSO) authenticates a user’s identity, but it does not automatically add the user to your organization or grant access to a specific Cloud site.
When a user signs in via SSO for the first time and selects Create a new account, Lansweeper creates a new standalone user account. At that stage, the account is authenticated but not yet associated with your organization or Cloud site, so the user will not see your Cloud site.
To ensure users are properly associated with your organization and have access to the correct Cloud site, they must be invited to the Cloud site. The correct process is:
- The user must create a Lansweeper account first (via SSO sign-in if SSO is enforced).
- Then the Site Owner can send the user an invite to the Cloud site.
- Once the account exists, the user can accept the invitation, which associates their existing account with your Cloud site and applies the assigned permissions.
For step-by-step instructions on inviting users and granting access, refer to:
https://community.lansweeper.com/t5/sites/add-users-to-a-cloud-site/ta-p/64537
