Unable to invite new users if SSO has been enabled

This article applies to:

Onboarding

Feature Category:  User Access provisioning

 

Problem Description:

A member of the administrator group in Tanzu Observability is no longer able to invite new users from the account management page as the "INVITE NEW USERS" button is inaccessible, as shown below:

 

invite_new_users.JPG

 

Attempting to invite a user from the api, Account_(User_and_Service_Account)/inviteUserAccounts results in the following error returned:

{ "status": { "result": "ERROR", "message": "Cannot process the request when SSO is enabled.", "code": 400 } }

 

Cause:

Once SSO is enabled, it is no longer possible to invite new users either through the API or the UI. This is by design as all authentication is now handled by the Single Sign On identity provider. 

 

Resolution:

Once a user opens a browser and enters the tenant address, for example, https://xxxx.wavefront.com,  then provides their organization email address, they will be automatically be redirected to the SSO login page and the user can log in with their SSO credentials.

SSO will provide the authentication that allows the user to sign into Tanzu Observability. After the user is authenticated, Tanzu Observability will control what the user can access. A new user will be by default automatically added as a member of the Everyone group and inherit all permissions assigned to that group.

Any user account assigned roles, permissions or group memberships can be altered after the user has authenticated for the first time into Tanzu Observability.

 

 

See also:

Authorization in Wavefront

Authentication with SSO Providers

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Powered by Zendesk