This article is for IT Contacts or staff setting up SSO in Pulse.
If an error message appears in Pulse or your SSO platform after setting up Single Sign-on (SSO), ensure the details for your SSO are correct and use the error to help troubleshoot the issue.
Troubleshooting ‘No email claim present in response from IdP’ error
Image 1: “No email claim present in response from IdP” error.
This error occurs when the Identity Provider’s email attribute is incorrectly mapped in your SSO provider (for example Google, Microsoft).
To fix this issue, make sure the email used in your SSO Identity Provider is correct and matches the NameID element of the SAML metadata file. Then, follow the steps in the downloadable guide for your Identity Provider to ensure all required details are entered correctly.
Info
If your school has a cloud-only directory using Azure AD/Entra ID – the Email Address field will not be filled in by default and will probably cause this issue. The same may occur if the Azure/Entra accounts are being created from on-premise Active Directory and the “Email” field in Active Directory is not filled in.
Troubleshooting platform-specific errors
Google: “malformed_certificate” error
The malformed_certificate error occurs when the SAML metadata.xml given to Pulse differs from the certificate that Google has on record for you. It can also mean the certificate is corrupted or missing.
Image 2: "malformed_certificate" error
- Sign in to the Google Admin console with your administrator account and go to Apps > Web and mobile apps (or SAML apps, depending on your view).
- Find the SAML app you set up for Pulse and select the name of the app to open its settings page.
- In the app settings, select Download Metadata and download the XML metadata file.
- In Pulse SSO Setup, upload the XML metadata file.
- Continue with the Pulse SSO Setup process.
Google: “app_not_enabled” error
Image 3: “app_not_enabled_for_user” error
An app_not_enabled error happens when you don’t have the correct permission (for example, an IT Administrator or IT Contact) to access Pulse SSO configuration in Google Workspace. Sign in to Google Workspace Admin Console and:
- Check that you have the correct permissions to configure SSO in Pulse.
- Ensure your permissions configured in Google match those provided in the SAML metadata. The steps to configure these permissions are outlined in the SSO downloadable guide. See Step 4 of Part 2: Configure Single Sign-On (SSO).
- Ensure the app ID is correct.
Check Google’s troubleshooting steps for SAML app error messages for more information.
Microsoft: “AADSTS50105” error
Image 4: "AADSTS50105" error
Error AADSTS50105 occurs when the user setting up SSO in Pulse doesn’t have matching permissions between Pulse and Microsoft Entra or Active Directory. Ensure you have Administrator permissions for both systems.
Refer to Error AADSTS50105 - The signed in user is not assigned to a role for the application (Azure | Microsoft Learn) and Quickstart: Create and assign a user account for instructions.
How will I know if my SSO provisioning is successful?
Pulse will send you an email containing the SSO activation link once provisioning is complete (this can take up to 30 minutes). Open the link and follow the instructions on the SSO activation screen. See Part 3: Activate SSO for the steps.
What to do next
If you have followed the steps above and still encounter issues, contact Linewize Support and provide the details of your issues, including:
- the SSO configuration stage where you encountered the issue
- screenshot of the issue or error message
Comments
0 commentsPlease sign in to leave a comment.