I get an "Oops" error with SAML SSO. Why?

If you receive an "Oops" error when testing your newly created SAML SSO setup, it can indicate that the email attribute in the SAML assertion is wrongly configured or missing.

The SAML assertion must include an attribute called "EmailAddress." Haiilo requires this attribute to identify the user who is logging in. Please note that "EmailAddress" must be written exactly as specified, as the attribute name is case-sensitive and should not contain any prefixes.

For example, Microsoft Entra ID tends to add the 'http://schemas...' prefix to all assertion attributes by default but it should not be in the "EmailAddress" attribute.

The attribute should be displayed like this for "EmailAddress":

Screenshot_2020-11-24_at_12.26.42.png

Was this article helpful?