Troubleshoot SAML Login
If users cannot log in using SAML login, review the SAML log to find out more details. By default, the log is located at C:\ProgramData\SolarWinds\Logs\Orion\SAML.log.
Test your SAML configuration
- Click Settings > All Settings > SAML Configuration, and then click Test Configuration.
- To test the SAML configuration on the computer where you have the SolarWinds Platform Web Console open, click Test Configuration.
- To test whether SAML login works correctly for other users on other computers, click Copy and send the link to the user who is attempting to log in using the SAML protocol from another computer. If the output is unsuccessful, instruct the user to copy it and send it to the administrator.
- The Test SAML configuration page opens with the results of the test. You can see the test sent to your Identity Provider and its response. Use the response to troubleshoot the issue or send it to your administrator.
Troubleshooting tips
Review the following requirements and recommendations for using SAML login.
Use a browser that supports SSO login
Make sure that users open the SolarWinds Platform Web Console in a browser that supports SSO login, such as Chrome, Firefox, or Edge. Internet Explorer does not support SSO login. See SolarWinds Platform Web Console browser requirements.
Use the SSO button (requires a SAML account for SolarWinds Platform Web Console)
To log in to the SolarWinds Platform Web Console using SAML, you cannot manually type your credentials into the login screen. You need to use the SSO button. The button only becomes available when you have your SAML account defined in the SolarWinds Platform.
To use the SAML account, you need to add the account to SolarWinds Platform as an individual SAML account, or add the SAML group account the user is a member of.
Use an individual or group SAML account in the SolarWinds Platform Web Console
SolarWinds Platform supports both individual and group SAML accounts.
- For group SAML accounts, the OrionGroups attribute is mandatory in the SAML response to provide group membership information about the user who is logging in to SolarWinds Platform Web Console.
- For individual SAML accounts, the group membership information about the user isn't required.
In SolarWinds Platform, SAML groups cannot be combined with Windows groups. To use SAML authentication in the SolarWinds Platform Web Console, you can only use SAML accounts or groups for this authentication type.
SAML authentication is configured properly but cannot log in to Orion
If you test the SAML configuration and the result says that the groups claim OrionGroups is missing, check your identity provider settings. Verify that the OrionGroups attribute is configured correctly. The attribute contains the user groups and is necessary for SAML groups authentication.
- For AD FS, see Step 2 (5) in Configure Active Directory Federation Services for single sign-on login to the SolarWinds Platform Web Console
- For Okta, see Step 2 (2e) in Configure Okta for single sign-on login to the SolarWinds Platform Web Console
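To see which attributes the identity provider actually sent, the response copied from the Test SAML configuration page can be checked offline. The following is an added example, not SolarWinds code: it assumes the response is SAML 2.0 XML (raw or base64-encoded) with unencrypted assertions, and the function names and the sample response are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
GROUPS_ATTRIBUTE = "OrionGroups"  # attribute required for group SAML accounts

def parse_response(text):
    """Parse a SAML response given as raw XML or as base64 (assumed input forms)."""
    text = text.strip()
    if not text.startswith("<"):
        text = base64.b64decode(text).decode("utf-8")
    # A SAML message has no reason to carry a DTD; reject it before parsing
    # so entity-expansion payloads never reach the XML parser.
    if "<!DOCTYPE" in text or "<!ENTITY" in text:
        raise ValueError("DTD found in SAML message; refusing to parse")
    return ET.fromstring(text)

def check_groups_claim(text):
    """Report whether OrionGroups is present. Diagnostic only: no signature check."""
    root = parse_response(text)
    attrs = root.findall(".//saml:AttributeStatement/saml:Attribute", NS)
    names = [a.get("Name") for a in attrs]
    groups = [(v.text or "").strip()
              for a in attrs if a.get("Name") == GROUPS_ATTRIBUTE
              for v in a.findall("saml:AttributeValue", NS)]
    groups = [g for g in groups if g]
    if GROUPS_ATTRIBUTE not in names:
        status = "missing"   # IdP sent no OrionGroups attribute at all
    elif not groups:
        status = "empty"     # attribute present but carries no group values
    else:
        status = "ok"
    # attributes_sent shows what the IdP used instead, e.g. a differently named claim
    return {"status": status, "groups": groups, "attributes_sent": names}

def sample_response(attribute_name, values):
    """Build a constructed, unsigned sample response for offline testing."""
    vals = "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in values)
    return ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
            '<saml:AttributeStatement>'
            f'<saml:Attribute Name="{attribute_name}">{vals}</saml:Attribute>'
            '</saml:AttributeStatement></saml:Assertion></samlp:Response>')

if __name__ == "__main__":
    print(check_groups_claim(sample_response("OrionGroups", ["NetOps", "Helpdesk"])))
    print(check_groups_claim(sample_response("memberOf", ["NetOps"])))
```

A `missing` status together with a differently named entry in `attributes_sent` points to a claim-naming problem in the identity provider settings rather than in the SolarWinds Platform.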
SAML authentication is not supported with SDK or other external tools
The SAML authentication works only in the browser and not for API, Network Atlas, or other external tools.