Administrators or end users might see errors related to Workspace ONE Access service Just-in-Time provisioning. For example, if a required attribute is missing in the SAML assertion, an error occurs, and the user is unable to log in.
The following errors can appear in the Workspace ONE Access console.
Error Message | Solution |
---|---|
If JIT User provisioning is enabled, at least one directory must be associated with identity provider. | There is no directory associated with the identity provider. An identity provider with the Just-in-Time provisioning option enabled must have a Just-in-Time directory associated with it.
A Just-in-Time directory is created. |
The following errors can appear on the log-in page:
Error Message | Solution |
---|---|
User attribute is missing: name. | A required user attribute is missing in the SAML assertion sent by the third-party identity provider. All attributes that are marked required in the User Attributes page must be included in the SAML assertion. Modify the third-party identity provider settings to send the correct SAML assertions. |
Domain is missing and cannot be inferred. | The SAML assertion does not include the domain attribute and the domain cannot be determined. A domain attribute is required in the following cases:
If a domain attribute is specified, its value must match one of the domains specified for the directory. Modify the third-party identity provider settings to send the correct SAML assertions. |
Attribute name: name, value: value. | The attribute in the SAML assertion does not match any of the attributes in the User Attributes page in the tenant and will be ignored. |
Failed to create or update a JIT user. | The user could not be created in the service. Possible causes include the following:
|