Skip to content
English
  • There are no suggestions because the search field is empty.

Email Address Already Exists Error (SSO)

Learn why this error occurs during SSO login and how to resolve it

What This Error Means

If a user attempts to log in via SSO and receives an error stating that their email address already exists, Foundry is trying to create or update a user profile using an email address that is already assigned to another user.

This error occurs when Just‑In‑Time (JIT) user provisioning is enabled.


Why This Happens

This error typically occurs in one of the scenarios below.

Scenario 1: Matching SSO ID, Duplicate Email Address

In this scenario:

  • The NameID from the SAML response matches an existing user’s SSO ID in Foundry
  • Foundry is configured to map the email attribute from the SAML response
  • The incoming email address is different from the email currently saved on the matched user
  • Another Foundry user already has that incoming email address

Because email addresses must be unique, Foundry blocks the update and the login attempt fails.

How to Resolve Scenario 1

  1. Identify the duplicate user who already has the email address
  2. Update that user’s email to a placeholder value (for example, a non‑real email address)
  3. Decide which user record should be the active account going forward
  4. Confirm the active user has:
    • The correct SSO ID
    • The correct email address
  5. If both users have training history, you may need to merge or archive one of the accounts

Example

Incoming SAML response

  • NameID: jdoe
  • Email: jdoe@company.com

Existing Foundry users

Property User A User B
SSO ID jdoe
Email janedoe91@gmail.com jdoe@company.com

Foundry matches User A by SSO ID and attempts to update their email to jdoe@company.com. Because User B already has that email, the update fails and login is blocked.


Scenario 2: No Matching SSO ID, Duplicate Email Address

In this scenario:

  • The NameID does not match any existing Foundry user
  • JIT provisioning is enabled
  • Foundry attempts to create a new user using the email from the SAML response
  • That email address already exists on another user

Because the email is already in use, the new user cannot be created and login fails.

How to Resolve Scenario 2

  1. Locate the existing user with the email address
  2. If that user should be logging in via SSO:
    • Ensure the incoming NameID exactly matches the user’s SSO ID
  3. Check for case sensitivity
    • NameID and SSO ID must match exactly, including capitalization