Skip to main content
SSO Configuration Errors

An overview of commonly encountered SSO errors and recommended solutions

Evelina Lundmarck avatar
Written by Evelina Lundmarck
Updated this week

In this article, you will find a summary of errors that can occur due to misconfigurations in the Single Sign-On (SSO). To resolve the potential issues, changes may need to be made in both, Teamtailor and in your Identity Provider (IdP) (AzureAD, Google, Active Directory, Okta etc).

The errors may be displayed on the login page for unique users or inside Teamtailor under Settings → Security → SSO. Below you will find error descriptions and resolutions for them:

Error: Invalid Signature on SAML Response

Description: This error indicates that the cryptographic signature of the SAML response from the IdP does not match the certificate stored in Teamtailor.

Resolution: Create a new certificate in your IdP and upload the new certificate to Teamtailor.

Error: Invalid Signature on SAML Response

Error: Invalid Audience

Full error message: Invalid Audience. The audience <value received from customer>, did not match the expected audience https://tt.teamtailor.com/auth/sso/<customer_teamtailor_id>/metadata

Description: This error is shown if the customer has entered the wrong information in the Entity ID field in their IdP.

Resolution: Update or change the Entity ID in your IdP.

The value in Entity ID should be on the form of [https://tt.teamtailor.com/auth/sso/<customer-unigue-key>/metadata]

Error: Invalid Audience

Did this answer your question?