Skip to content
English
Contact Support
  • There are no suggestions because the search field is empty.

SSO Troubleshooting: User Cannot Be Saved

Learn why user creation or updates fail during SSO and how to resolve it

What This Error Means

During single sign‑on, a user sees the following error:

User Cannot Be Saved

This occurs when Just‑In‑Time (JIT) user provisioning is enabled and Foundry is unable to create a new user or update an existing user during the SSO process.

Why This Happens

During SSO, Foundry attempts to either:

  • Create a new user (if the user does not already exist), or
  • Update an existing user (if the user can be identified by NameID or a mapped email address)

This error appears when that create or update action fails due to invalid, missing, or conflicting user data.

Scenario 1: Error Occurs When Creating a New User

This scenario applies when the user signing in via SSO does not already exist in Foundry.

If Allow registration via SAML (JIT provisioning) is enabled, Foundry attempts to create a new user using:

  • Default values from the identity provider configuration, and
  • Any mapped SAML attributes

The user cannot be saved if any required data is missing or invalid.

Common causes include:

  • A required attribute (first name, last name, or email) is missing
  • The email address already exists on another user (emails must be unique)
  • A mapped value for user type, role, or location is invalid


Scenario 2: Error Occurs When Updating an Existing User

This scenario applies when Foundry identifies an existing user using the NameID or a mapped email address.

If attribute mapping is enabled, Foundry attempts to update the user’s profile during SSO. While less common, update failures can occur when:

  • A mapped email address belongs to another user
  • A mapped location or role value is invalid

Because email addresses must be unique, Foundry cannot save the update if the email is already in use.

How to Resolve the Issue

  1. Review the user data being sent in the SAML response
  2. Confirm all required attributes are present and valid
  3. Check for duplicate email addresses
  4. Validate mapped values for:
    • User type
    • Role
    • Location

After correcting the data issues, retry the SSO login.