Administrators or end users may see errors related to Just-in-Time provisioning. For example, if a required attribute is missing in the SAML assertion, an error occurs and the user is unable to log in.
The following errors can appear in the VMware Identity Manager console.
|If JIT User provisioning is enabled, at least one directory must be associated with identity provider.||There is no directory associated with the identity provider. An identity provider with the Just-in-Time provisioning option enabled must have a Just-in-Time directory associated with it.
A Just-in-Time directory is created.
The following errors can appear on the log-in page:
|User attribute is missing: name.||A required user attribute is missing in the SAML assertion sent by the third-party identity provider. All attributes that are marked required in the User Attributes page must be included in the SAML assertion. Modify the third-party identity provider settings to send the correct SAML assertions.|
|Domain is missing and cannot be inferred.||The SAML assertion does not include the domain attribute and the domain cannot be determined. A domain attribute is required in the following cases:
If a domain attribute is specified, its value must match one of the domains specified for the directory.
Modify the third-party identity provider settings to send the correct SAML assertions.
|Attribute name: name, value: value.||The attribute in the SAML assertion does not match any of the attributes in the User Attributes page in the tenant and will be ignored.|
|Failed to create or update a JIT user.||The user could not be created in the service. Possible causes include the following: