Administrators or end users might see errors related to Workspace ONE Access service Just-in-Time provisioning. For example, if a required attribute is missing in the SAML assertion, an error occurs, and the user is unable to log in.

The following errors can appear in the Workspace ONE Access console.

| Error Message | Solution |
|---|---|
| If JIT User provisioning is enabled, at least one directory must be associated with identity provider. | There is no directory associated with the identity provider. An identity provider with the Just-in-Time provisioning option enabled must have a Just-in-Time directory associated with it.<br>A Just-in-Time directory is created. |

The following errors can appear on the log-in page:

| Error Message | Solution |
|---|---|
| User attribute is missing: name. | A required user attribute is missing in the SAML assertion sent by the third-party identity provider. All attributes that are marked required in the User Attributes page must be included in the SAML assertion. Modify the third-party identity provider settings to send the correct SAML assertions. |
| Domain is missing and cannot be inferred. | The SAML assertion does not include the domain attribute and the domain cannot be determined. A domain attribute is required in the following cases:<br>If a domain attribute is specified, its value must match one of the domains specified for the directory. Modify the third-party identity provider settings to send the correct SAML assertions. |
| Attribute name: name, value: value. | The attribute in the SAML assertion does not match any of the attributes in the User Attributes page in the tenant and will be ignored. |
| Failed to create or update a JIT user. | The user could not be created in the service. Possible causes include the following: |
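
An added example, not taken from the Workspace ONE Access documentation: a pre-flight check that reads the attributes from a captured SAML assertion and reports the conditions behind the log-in page errors listed above. The attribute names (`userName`, `email`, `firstName`, `costCenter`), the `domain` attribute name, the directory domain and the sample assertion are assumptions constructed for illustration, and the check does not verify the assertion's signature.

```python
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample assertion (unsigned, illustration only).
SAMPLE = f"""<saml:Assertion xmlns:saml="{NS}"><saml:AttributeStatement>
<saml:Attribute Name="userName"><saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="domain"><saml:AttributeValue>corp.example</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="costCenter"><saml:AttributeValue>42</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement></saml:Assertion>"""


def assertion_attributes(xml_text):
    """Return {attribute name: [non-empty values]} from a SAML 2.0 assertion."""
    # An assertion has no need for a DTD; refusing one avoids entity-expansion input.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD is not allowed in a SAML message")
    attrs = {}
    for attr in ET.fromstring(xml_text).iter(f"{{{NS}}}Attribute"):
        name = attr.get("Name")
        if name:
            values = [(v.text or "").strip() for v in attr.iter(f"{{{NS}}}AttributeValue")]
            attrs.setdefault(name, []).extend(v for v in values if v)
    return attrs


def jit_preflight(xml_text, required, known, directory_domains, domain_attr="domain"):
    """List the JIT provisioning problems this assertion would run into."""
    attrs = assertion_attributes(xml_text)
    findings = []
    for name in sorted(required):  # attributes marked required on the User Attributes page
        if not attrs.get(name):
            findings.append(f"User attribute is missing: {name}.")
    domains = attrs.get(domain_attr, [])
    if not domains:
        findings.append("No domain attribute: the service has to infer the domain.")
    elif domains[0] not in directory_domains:
        # Exact string comparison is an assumption about how the service matches.
        findings.append(f"Domain {domains[0]} is not one of the directory's domains.")
    for name in sorted(set(attrs) - set(known) - {domain_attr}):
        value = attrs[name][0] if attrs[name] else ""
        findings.append(f"Attribute name: {name}, value: {value}.")  # will be ignored
    return findings


if __name__ == "__main__":
    for line in jit_preflight(SAMPLE, {"userName", "email"},
                              {"userName", "email", "firstName"}, {"example.com"}):
        print(line)
```

Run it against an assertion captured from the third-party identity provider before enabling Just-in-Time provisioning, passing the required and known attribute names from the tenant's User Attributes page.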