HomeEngagementContentDiscoveryOther resources
Guides

Unified SSO troubleshooting

Suggest Edits

👍

Welcome note

Unified login is in the process of being applied to all users throughout September 2025.

Access the pre-existing documentation here: Administration.

This page helps you solve common issues with SSO authentication, authorization, and SSO user access management. For setup instructions, see:

We have grouped the solutions into categories for easy navigation.

SSO authorization troubleshooting

SSO login failed

The solution depends on the error message you see:

1. The role mapping field is empty or isn't present.

This error occurs when the identity provider doesn’t send a role_mapping field.

Solution:

2. The role mapping “incorrect mapping value” doesn't exist in this account.

This error occurs when the role_mapping value from the identity provider doesn't match any mapping role name in Bloomreach.

Solution:

  1. Verify the exact role_mapping value sent by your identity provider. The role_mapping value locations are provided in the Azure AD and Okta authorization guides, respectively.
  2. Check that a mapping role exists in Bloomreach with an identical name.
  3. Create a new mapping role if needed, ensuring the name matches exactly.
  4. Verify the connection by logging in using the SSO.

Unable to log in after enabling SSO authorization

This error occurs when there is a misconfiguration in the role_mapping values between the identity provider and Bloomreach.

Solution:

  1. Use the emergency recovery access link (for SSO Account Admins) (your-instance-url/recovery-access).
  2. Check your email for the recovery link sent from Bloomreach.
  3. Log in and verify your mapping role configuration.
  4. Ensure your user account has the correct role_mapping value in the identity provider.
  5. Log in to Bloomreach using SSO to verify the new setup.

Incorrect or no permissions assigned after SSO login

This happens when roles aren't assigned correctly in the identity provider, or Bloomreach and the identity provider role assignment don't match.

Solution:

  1. Log in to Azure AD or Okta (admin) and observe the role_mapping parameter setup.
  2. Log in to Bloomreach (admin) and compare the role_mapping parameter from the identity provider with the “incoming role name” value in Bloomreach.
  3. If they don’t match, correct the values to match the required role permissions.
  4. Log in to Bloomreach using SSO to verify the new setup.

Can't find your issue?

Contact our support team if your issue isn't covered in this guide.

Updated about 6 hours ago