Skip to content
English
Contact Support
  • There are no suggestions because the search field is empty.

SSO Troubleshooting: We were not able to log you in

Learn what to do if you receive this error

Error

If, after a user authenticates to their identity provider, you see this message:

We were not able to log you in

Sorry, we were not able to connect to your account with <<Organization>>. Please provide the following information to your organization's technical contact so we can help resolve this issue and get you logged in: Name ID: <<XXXXXXXX>>. Response ID: <<XXXXXXXXXXXXXXXX>>

The part <<Organization>> will contain the actual name of the Organization, and Name ID and Response ID will contain the actual values.

 

Explanation

This error happens with the SAML Subject NameID has a value that cannot be found in any Users in your organization with that SSO ID or email address (as a backup search). This can only happen when your Foundry IDP setup has the “allow registration during single sign-on” checkbox unchecked, which means Foundry will not create new users during SSO, otherwise Foundry would have simply created a new User after not finding an existing user.

 

Resolution

  1. On the learner webpage where the error appears, copy the ID value shown in the error message.
    This value is called the SAML NameID—it's a unique identifier assigned to the user by your identity provider and passed to Foundry.

  2. Go to the Foundry customer admin portal and paste the NameID into the user search box.

  3. If a user is found:

    • Check that the user's SSO ID matches the NameID exactly—including capitalization.
    • Make sure there are no extra spaces before or after the value.
    • If the SSO ID doesn't match the NameID, update the SSO ID to match it exactly. This should resolve the issue.

  4. If no user is found using the NameID, try searching by the learner’s name, email address, or other details.

  5. If you find the user this way, check their SSO ID and confirm it matches the NameID.
    If it doesn’t, update the SSO ID to match the NameID.

  6. If you can’t find the learner at all in Foundry, that explains the error.
    The learner must have a user account in Foundry, and their SSO ID must match the SAML NameID exactly.

 

More Details

  • The error message includes the NameID that was in the SAML Response’s Assertion. This NameID is the unique identifier passed from your identity provider to Foundry.
  • Check if there is a user in Foundry whose SSO ID should match this NameID. Sometimes there’s a mismatch—for example, the NameID might be a numeric ID, but the SSO ID in Foundry is a username or email address.
  • Make sure SSO ID values are filled in for users in Foundry. Also confirm that the user actually exists in Foundry.
  • Verify that the NameID is coming from the correct field in your identity management system. For instance, if the NameID contains a numeric employee ID, but Foundry expects an email address in the SSO ID field, that could cause a mismatch.
  • Check for case sensitivity. The NameID and the SSO ID must match exactly, including capitalization.
  • The error message also includes a Response ID. This is a long string of letters and numbers, like _2321732d25be376733c0f2e1d9149fc. This Response ID identifies the SAML Response itself and is not the same as the user’s NameID. If your system logs outgoing SAML Responses, you can search using this Response ID to get more details. You can also send the Response ID to Everfi to help diagnose the SSO event.