Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2042
Views
0
Helpful
1
Replies

SSO for SMA

Doug Maxfield
Level 1
Level 1

‎04-23-2020 06:35 AM

Hello, We would like to get SSO working for logging into SMA. We currently have is setup for Spam Quarantine in SMA but would like to get it working for the Administrative side. I followed the instructions that were provided in Ver 13 for ESA SSO, changing the needed settings for SMA. But when attempting to get in, I get: Error — Authorization Failure! Please contact your administrator. Is SSO supported for admin logins to SMA? If so, ideas on what my issue could be? Thanks Doug

1 person had this problem
Labels:
0 Helpful
1 Reply 1

ppreenja
Cisco Employee
Cisco Employee

‎04-23-2020 06:01 PM

Hello Doug,

This error indicates authentication passed, but authorization failed at the SMA.
Focus on the settings within the Users > External Authentication > SAML.
Attribute Name, Group Name, and Group Mapping.

Also, in one of the similar issues, it was found that the problem was with the difference in the “Sign Assertion”.
Basically, the IdP was configured to retrieve only the ‘mail’ and ‘uid’ attributes, and none of them were matching the Group names on the SMA configuration.

I hope the above information might be helpful.

Cheers,
Pratham
0 Helpful
Customers Also Viewed These Support Documents