Solved: Two domains, Two AD sync. Receiving Ambiguous search results on SSO

smacgavin · ‎12-04-2024

Hello I've searched around the community but have not found anyone experiencing this same issue so maybe someone can help me out.

We have two domains and two separate active directories. IT staff have accounts on both domains and emails for both.

I have the both Active Directories setup as Authentication Sources for SSO. Two Authentication Proxies one on each domain. I've added Username aliases for the user for the email address of domain number 2.

When the email address for domain number 1 is added as an External Email Contact on domain 2 active directory and the user tries to login to an SSO application using the domain number 1 email I receive the error: Something went wrong. Please contact an administrator. (Ambiguous search results). Using the email from domain 2 still works fine.

If the users email for domain 1 is removed from the external email contact ou on domain 2 then they are able to login to an SSO application fine with their email from domain 1.

Any ideas?

colin_medfisch · ‎12-04-2024

Hey @smacgavin,

I'd recommend taking a look at Routing Rules. With Routing Rules, associate an email domain (or network space/application list) to a specific authentication source instead of having Duo SSO try all configured domains.

Give this a shot and let me know if it helps!

View solution in original post

colin_medfisch · ‎12-04-2024

Hey @smacgavin,

I'd recommend taking a look at Routing Rules. With Routing Rules, associate an email domain (or network space/application list) to a specific authentication source instead of having Duo SSO try all configured domains.

Give this a shot and let me know if it helps!

smacgavin · ‎12-04-2024

That was it thank you I was able to get it working I totally forgot about the Routing Rules!