Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
295
Views
0
Helpful
5
Replies

UCCX SSO enabled showing "Access denied" on appadmin page

aabualnadi
Level 1
Level 1

‎03-13-2024 03:36 AM - edited ‎03-13-2024 03:40 AM

error message.pngHello Team,

i am facing issue on UCCX 12.5SU3 where it's SSO enabled, the integration with the IdP looks good.

however, if i try to login to appadmin page using SSO, the authentication success but the UCCX shows
"Access Denied 
The attempted action is not allowed because it violates security policies."

does anyone have any clue why this is happening ?

Labels:
0 Helpful
5 Replies 5

b.winter
VIP
VIP

‎03-13-2024 03:43 AM - edited ‎03-13-2024 03:44 AM

You are being automatically logged in via SSO with your Windows User. That's what SSO is there for.
But I assume, your user is not added to UCCX and / or doesn't have the correct priviliges.

You should use the "recovery URL" instead.

0 Helpful

aabualnadi
Level 1
Level 1
In response to b.winter

‎03-13-2024 03:48 AM - edited ‎03-13-2024 03:49 AM

thanks for response @b.winter 

i am trying to login with different user than the windows user

when i access the appadmin page i get redirected to a SSO login page in our IdP 

i enter the username and password and the login success

after that i get redirected again to the (https:/FQDN/appadmin/main)

showing the error message above.

 

i wanted to note that i am using account (uid@domain1) to login to the SSO where the login success

and the UCCX FQDN is (ccx@domain2) is that difference in domain could cause this issue ?

0 Helpful

b.winter
VIP
VIP
In response to aabualnadi

‎03-13-2024 03:56 AM

"enter the username and password and the login success": Which username / password? You cannot use the default admin (which was set during Installation of the VM) in the SSO page, because it is not AD. But that should be logical.

The user you use for login via the SSO page needs to be a user in UCCX and have the correct priviliges.

And again: If you wanna use the default admin to login, you have to use the recovery url, to bypass SSO authentication.

0 Helpful

aabualnadi
Level 1
Level 1
In response to b.winter

‎03-13-2024 04:01 AM

yes i understand that the default admin user need to be used in the recovery URL 

i am using another user for example (ccxuser@domain1) this in the CCX and have administrator rights.

if i disable the SSO and try to login with that user, everything works well and i can access the appadmin page

but this only happen in SSO login.

0 Helpful

b.winter
VIP
VIP
In response to aabualnadi

‎03-13-2024 05:01 AM

The admin guide states the following:

bwinter_0-1710331249624.png

But maybe you should check the Tomcat logs for further details.

0 Helpful
Customers Also Viewed These Support Documents