SSO Troubleshooting: User Cannot Be Saved
Learn what to do if you receive this error
Error
During SSO, a user sees an error message saying "User Cannot Be Saved". The organization has Just-In-Time Provisioning enabled.
Explanation
This error message appears when Foundry tries to add a new user or update an existing one during the SSO (Single Sign-On) process—and that attempt fails. The system cannot save the user, which triggers the error.
There are several possible reasons for this failure, but they all come down to one core issue: Foundry couldn’t complete the user update or creation.
User Cannot Be Saved When Attempting to Add a New User
This error can happen when a user tries to log in using SSO (Single Sign-On) but doesn’t already exist in Foundry.
If the Foundry IDP (Identity Provider) configuration has “Allow registration via SAML” enabled, Foundry will try to create a new user using the default values from the IDP settings and any mapped attributes.
If those values are missing or incorrect, the system won’t be able to create the user—and this error will appear.
Common problems might be:
- A required field like first name, last name, or email address is missing from the mapped attributes.
- The email address is already used by another user (email addresses must be unique).
- A mapped attribute like user type, role, or location contains an invalid value.
User Cannot Be Saved During Update of a User
Foundry may try to update an existing user if the person signing in already exists in the system and can be identified by the NameID or email address in the SAML Response.
If there are mapped attributes in the IDP (Identity Provider) configuration, Foundry will attempt to update the user with those values. Errors in this situation are rare, but they can happen when:
- The mapped email address belongs to another user. Since email addresses must be unique, Foundry cannot save the user.
- A mapped attribute for location or role contains an invalid value.
Resolution
Review the user data and resolve the data issues.
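One way to review the user data is to run a captured SAML assertion through the checks listed in this article. The sketch below is an added example, not Foundry's code: the attribute names in `MAPPING`, the allowed role and location values, and the `existing_emails` lookup are assumptions to replace with the values from your own IDP configuration and user export.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Hypothetical mapping of user fields to SAML attribute names; take the real
# names from your own IDP configuration.
MAPPING = {"first_name": "givenName", "last_name": "sn", "email": "mail",
           "role": "role", "location": "location"}
REQUIRED = ("first_name", "last_name", "email")

# Constructed sample; this diagnostic does not verify the SAML signature.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>jdoe@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="givenName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="mail"><saml:AttributeValue>shared@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="role"><saml:AttributeValue>Wizard</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def read_attributes(xml_text):
    """Return (NameID, {attribute name: first attribute value})."""
    root = ET.fromstring(xml_text)
    name_id = root.findtext(".//saml:NameID", default="", namespaces=NS).strip()
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        value = attr.findtext("saml:AttributeValue", default="", namespaces=NS)
        attrs[attr.get("Name")] = value.strip()
    return name_id, attrs


def find_problems(xml_text, existing_emails, valid_roles, valid_locations):
    """existing_emails maps lowercase email -> NameID of the user that owns it."""
    name_id, attrs = read_attributes(xml_text)
    fields = {f: attrs.get(a, "") for f, a in MAPPING.items()}
    problems = [f"missing required attribute: {MAPPING[f]}" for f in REQUIRED if not fields[f]]
    owner = existing_emails.get(fields["email"].lower())
    if owner is not None and owner != name_id:
        problems.append(f"email already used by another user: {fields['email']}")
    for field, allowed in (("role", valid_roles), ("location", valid_locations)):
        if fields[field] and fields[field] not in allowed:
            problems.append(f"invalid {field} value: {fields[field]}")
    return problems
```

An empty list means none of the data issues described above were found in the assertion; each entry otherwise names the attribute to correct at the IDP or in the existing user records.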