Skip to main content
All CollectionsLogin & AuthenticationSingle Sign-On
SSO configuration errors and recommended solutions
SSO configuration errors and recommended solutions

Summary of commonly seen SSO errors

Evelina Lundmarck avatar
Written by Evelina Lundmarck
Updated over 3 months ago

In this article, you will find a summary of commonly seen errors, which can occur due to misconfigurations in the Single sign-on (SSO). To resolve the potential issues, changes may need to be made in both, Teamtailor and in the customer's Identity Provider (IdP) (AzureAD, Google, Active Directory, Okta etc).

The errors could be displayed on the login page for unique users or on the page for Security → SSO. The types of errors are the following:

  • Invalid Signature on SAML Response

  • Invalid Audience

Error: Invalid Signature on SAML Response

Description: This error indicates that the cryptographic signature of the SAML response from the IdP does not match the certificate stored in Teamtailor.

Resolution: Create a new certificate in your IdP and upload the new certificate to Teamtailor.

Error: Invalid Audience

Full error message

Invalid Audience. The audience <value received from customer>, did not match the expected audience https://tt.teamtailor.com/auth/sso/<customer_teamtailor_id>/metadata

Description: This error is shown if the customer has entered the wrong information in the Entity ID field in their IdP.

Resolution: Update or change the Entity ID in your IdP.

The value in Entity ID should be on the form of [https://tt.teamtailor.com/auth/sso/<customer-unigue-key>/metadata]

Did this answer your question?