SSO Authentication
Testing & Troubleshooting
Verify a provider before rollout and debug the most common SSO sign-in errors.
Testing & Troubleshooting
- Use the Test button next to a provider to verify Safeguard can reach it and complete a basic handshake, before rolling it out to your team.
- The ACS/Callback/Metadata URLs shown after saving a provider point at
localhost— this is a server-side misconfiguration, not something fixable from the UI. Contact Safeguard support. - Redirected back with
?error=IDP_ERROR— the IdP itself rejected or errored on the login attempt; check themessagequery parameter for the IdP's error description. - Redirected back with
?error=STATE_INVALID— the login attempt took too long, was replayed, or the browser lost its session state; have the user retry from the beginning.
Related
- RBAC, Teams & Organizations — roles, MFA, API keys, and how SSO fits into the broader identity/access model.
- Web Application — general web app login flow.