cancel
Showing results for 
Search instead for 
Did you mean: 

Enable now with multiple sub domains

0 Kudos

We have configured the SAML with our AD from Enable now, It is working for the users under ABC.com domain but with user who are part of subdomain XYZ.ABC.com are unable to login thru SAML (it is requesting network user id and password) but if user is manually created in enable now user is able to login using SAML with sub domain account(subdomain XYZ.ABC.com), Please coudl you advice how to proceed , Please also setup the working session we can share the screen and walk thru the procees,

Accepted Solutions (0)

Answers (1)

Answers (1)

DirkManuel
Active Contributor

It sounds like AD isn't successfully authenticating - or is not sending the info SEN needs. Check what attributes the SCP is sending. SEN needs the ID, Firstname, Lastname, Email, and the ID needs to be the same as used for SSO. Check that the ID being sent is consistent for ABC.com users and XYZ.ABC.com users (same format in both cases - and the same format you enter it when manually creating a user). You can install/run the SAML Tracer plugin in Chrome and check the NameID being sent. Most likely you'll need SAP's help to fix it, so I'd suggest opening an Incident now, and seeing where that takes you.