Common issues faced when attempting to log in with SSO:
Paywall: After following the steps to log in with SSO, the user sees options to buy Synthesia. This means the user is not part of the workspace: either it is a new user, or the email provided by Azure AD for the user is not the one already in use. Invite the user to the workspace.
Blocked by Admin: After following the steps to log in with SSO, Azure AD displays an error message indicating that access is blocked by Admin. To log in to Synthesia, the user needs to be added to the relevant group in Azure AD. Ask your IdP (Azure AD) administrator to add you.
Redirection to app.synthesia.io with an error: After following the steps to log in with SSO, the user is redirected to app.synthesia.io with a SAML error. Ask your IdP (Azure AD) administrator to check that:
The NameID is set in lower case. If not done already, apply a lower case function.
The email claim has to be available with the attribute email.
SSO Troubleshooting Steps:
Troubleshooting Steps to Retrieve IdP Response in a HAR file:
Open your browser and navigate to the page where you are experiencing the issue.
Open the Developer Tools panel and select the Network tab at the top.
Check the box for Preserve log to ensure all network activity is recorded.
Perform the login attempt as you normally would.
Look for a network request labeled with idpresponse in the list of network activity. This is the key request we need to verify the configuration.
Right-click on the idpresponse request in the Network tab.
Select Save all as HAR with content from the context menu.
Save the file to your computer.
Troubleshooting Steps to Analyze the IdP Response:
Use the Filter bar in the Network tab to search for idpresponse.
Select the correct request and response from the filtered results.
Go to the Payload section of the request.
Click View Source to see the full payload.
Copy the content of the payload and paste it into samltool.io.
In the SAML response, check the following:
NameID is in lowercase.
Email attribute is present.
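The same two checks can be run locally on the saved HAR file, without pasting the response into a web tool. The script below is an added example, not Synthesia's own tooling; it assumes the IdP response is an unencrypted SAML 2.0 assertion posted in a form field named SAMLResponse.

```python
import base64
import json
import sys
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, unquote

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}


def saml_from_entry(entry):
    """Return decoded SAMLResponse XML bytes from one HAR entry, or None."""
    post = entry["request"].get("postData", {})
    # HAR keeps form posts as a params list and/or raw text; values may still be percent-encoded.
    fields = {p["name"]: unquote(p.get("value", "")) for p in post.get("params", [])}
    if "SAMLResponse" not in fields:
        fields = {k: v[0] for k, v in parse_qs(post.get("text", "")).items()}
    return base64.b64decode(fields["SAMLResponse"]) if fields.get("SAMLResponse") else None


def check_saml(xml_bytes):
    """Run the two checks from the steps above; return a list of problems."""
    if b"<!DOCTYPE" in xml_bytes:  # a SAML response never needs a DTD
        return ["response contains a DOCTYPE, refusing to parse"]
    root = ET.fromstring(xml_bytes)
    problems = []
    name_id = root.find(".//saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID not found (missing, or the assertion is encrypted)")
    elif name_id.text != name_id.text.lower():
        problems.append("NameID is not lowercase")
    names = sorted({a.get("Name", "") for a in root.iterfind(".//saml:Attribute", NS)})
    if "email" not in names:
        problems.append(f"no attribute named 'email' (found: {names})")
    return problems


def check_har(har):
    """Map each idpresponse request URL in a parsed HAR to its problems."""
    results = {}
    for entry in har["log"]["entries"]:
        url = entry["request"]["url"]
        if "idpresponse" in url:
            xml_bytes = saml_from_entry(entry)
            results[url] = check_saml(xml_bytes) if xml_bytes else ["no SAMLResponse"]
    return results


if __name__ == "__main__" and len(sys.argv) > 1:
    with open(sys.argv[1], encoding="utf-8") as fh:
        print(json.dumps(check_har(json.load(fh)), indent=2))
```

Pass the path of the saved HAR file as the only argument; an empty list for a URL means both checks passed.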
If you still face issues logging in with SSO after trying the above troubleshooting steps, reach out to the Synthesia Support Team for assistance.
When reaching out to the support team, please provide the following information:
HAR file containing the idpresponse for analysis.
The exact URL used to log in to the system.
A list of users who are able to log in successfully and a list of users who are unable to log in.
A screenshot of the SAML configuration that shows:
Email is provided
The NameID is in lowercase.
This information will help the support team understand your setup and expedite the troubleshooting process.
Notes:
To learn more about SSO configuration with Synthesia, see the Synthesia SSO guide.