Cisco Cloud Gateway SSO issue

vheng · ‎08-10-2022

Error — Authorization Failure! Please contact your administrator. When click on Use Single Sign On

Am configure SSO with Azure AD. look like it pass the Authentication - cause it allows me to input username + password and MFA and Then the error message Authorization. I think may be i configure this section wrong Users > External Authentication > Enable SAML.
Attribute Name, Group Name, and Group Mapping. would someone explain this section what is the input here?

attribute name,group name field i leave it blank. Group Mapping : Object Id ( of the AAD group) + Cloud Administrator role, Object Id( of the AAD Group) + Cloud Help Desk. and in the AAD Group - i added users to it.

Robert Sherwin · ‎08-12-2022

That will be the Object ID from MSFT side.

Please make sure to record the Object ID for Groups and/or Users you assign. You can view the Object ID from Azure AD and your application by clicking on Users and Groups and then clicking on the Display Name of the Groups or Users you have assigned. The Object ID is needed for Cisco Secure Email Gateway configuration, System Administration > Users > External Authentication > Global Settings. This will be covered towards the end of this guide.

Check out my guide to this here:

ESA Configure External Authentication and Attributes on ESA

Cheers,
Robert Sherwin