Safeguard.sh Documentation Center
SSO Authentication

Testing & Troubleshooting

Verify a provider before rollout and debug the most common SSO sign-in errors.

Testing & Troubleshooting

  • Use the Test button next to a provider to verify Safeguard can reach it and complete a basic handshake, before rolling it out to your team.
  • The ACS/Callback/Metadata URLs shown after saving a provider point at localhost — this is a server-side misconfiguration, not something fixable from the UI. Contact Safeguard support.
  • Redirected back with ?error=IDP_ERROR — the IdP itself rejected or errored on the login attempt; check the message query parameter for the IdP's error description.
  • Redirected back with ?error=STATE_INVALID — the login attempt took too long, was replayed, or the browser lost its session state; have the user retry from the beginning.

On this page