How can we help you?

SSO Troubleshooting – What can “break” SSO?


Below are some of the common problems you might encounter with SSO. If you think your SSO has stopped working, please contact Client Experience for support and guidance.

1.  Mismatched emails

If an email from a user does not match the email against their corresponding enableHR user profile, the SSO will not work.

2.  Changing user data in the IdP

As the IdP and enableHR are configured to exchange information, if you change the settings in one without testing these changes to make sure the authentication flow still works as expected, then this could cause an issue if the data is no longer able to sync up. If you have made a change and want to test that the authentication flow is still working as it should, please contact Client Experience.

3.  If a current user is already linked to a record

If an eSS user is already linked to a record, enableHR will not (usually) point the new user to that record. The exception to this is that when you have a non-SSO user referring to a record, enableHR will update that user to become an SSO user. This means that candidates who sign up with their personal email addresses but later become employees will need to have their user profile updated with their new work email addresses.

4.  Deleting users

If you are deleting a user from your system, you will need to also delete them from enableHR as SAML only tells us that a valid user is logging in, it doesn’t tell us that a user no longer exists.

Before deleting an record, please ensure that you first review and store all important data and documentation tracked against the record.

5.  Skewed clocks

SAML requests and responses are valid for limited lengths of times, and your IdP and our servers need to be in rough agreement on the current time to ensure that that period of validity matches. We use NTP to keep our servers’ clocks current, you should do the same!


Have more questions? Submit a request