Unable to correlate SAML Assertion to Identity via SAMLCorrelationRule - Azure SSO with IdentityIQ

Hi All,

I am looking for pointers on Azure SSO integration with IdentityIQ.

We have followed IdentityIQ SAML documentation and configured SAML based SSO in IdentityIQ.

The integration works fine if IIQ finds a matching identity.
If IIQ doesn’t find any matching identity, we get the IIQ login page and an “Unable to correlate SAML Assertion to Identity via SAMLCorrelationRule” exception is logged in the logs.

We have followed "Configuring IdentityIQ for SAML SSO" from https://community.sailpoint.com/t5/Technical-White-Papers/IdentityIQ-Login-Configuration/ta-p/76904#toc-hId--1985535597

Please let me know if any more details are required.

Thank you!
Sailaja

Is the current behavior aligned with your expectations for this specific use case, or were you anticipating a different outcome?

I think it should be redirected to an error page, not the login page. Was the login page redirection the expected behavior?

Thank you!
Sailaja

This is pretty much the OOB/standard authentication flow. The reason it pops to the login page is to allow alternative authentication methods (like pass-through auth to AD/LDAP and IIQ internal authentication). The reasoning behind this is so that admins (and possibly users) can have a means to access the system if for some reason SSO went offline.

Considering the end user’s perspective and their experience, I would personally prefer encountering the login page rather than an error page. Brian aptly highlighted the rationale behind this decision.

Should you really have people authenticating that aren’t in SailPoint? 🙂
