General Overview
Single sign-on or SSO allows a user to securely log on to Ondexx using the same system used by their organization. Depending on how your organization is set up, this could be your email address, or SAML NAMEID (formerly called “Employee ID”).
Once a user has logged in with SSO for the first time, their account authentication is set to SAML. If they previously used a forms-based account (username and password), they will no longer be able to log in with this method.
Single Sign-On Troubleshooting
Case 1: Single Sign-On is not enabled
Not all Ondexx instances use single sign-on. To determine if your instance uses SSO, navigate to your intstance’s login page.
If there is no button labelled Single Sign-On, your instance does not use SSO. Continue to use Forms-based authentication as usual.
Case 2: User Profile Discrepancy
If your organization uses “SAML NAMEID” for SSO (formerly called “Employee ID”), it is possible that you will get a User Profile Discrepancy warning message when logging in for the first time, or when your email address itself has recently been changed.
This warning appears when your SAML NAMEID matches your profile, but your email address does not. This often occurs when your email address was changed, but never updated in Ondexx.
In this case, you can continue into Ondexx by clicking Continue.
Please contact your user administrator for help updating the email associated with your Ondexx account.
Case 3: Invalid Profile Data – Primary Claim is not unique
This error occurs when the Primary Claim used for validation (either Email Address or SAML NAMEID) is found in multiple Ondexx accounts. As it is unclear which account belongs to the user, Ondexx will not proceed until the Primary Claim is only in one account.
Please contact your user administrator for help updating the SAML NAMEID or Email Address associated with your Ondexx account.
Case 4: None of my sites or settings are here!
If Ondexx cannot find an account with the matching Primary Claim (either Email Address or SAML NAMEID), it will automatically create a new account for a valid user. However, if the user’s account had incorrect information for the Primary Claim, Ondexx will not find the account through Single Sign-On, and instead, create a new account.
This is the account the user is currently viewing, and they can still access their original account via Forms-based authentication.
Please contact your user administrator for help deactivating the duplicate account, and updating the SAML NAMEID and/or Email address associated with your Ondexx account.