If you encounter the error message "Invalid SAML response." when attempting to log in, it means that our system (the service provider, or SP, in SAML terms) received a SAML response from your company's identity provider (IdP) that it could not validate. In practice this almost always means the signature on the response or assertion did not verify against the certificate we have on file for your IdP, or the assertion could not be decrypted. Here are the common reasons for this error and how you can troubleshoot it:
You might not be assigned to the application in your company's system.
What to do: The first step is to reach out to your internal IT team. Ask them to verify that your user account is assigned to the specific application you are trying to access within your company's Identity Provider (e.g., Okta, Microsoft Entra ID (formerly Azure AD), etc.).
If that does not resolve the issue, please have your internal IT team look through these common causes and troubleshooting steps:
1. Expired or incorrect SAML certificate:
What to do: The signing certificate your IdP publishes, which our system uses to verify the signature on every SAML response, has an expiration date. If it has expired, or if the certificate configured on our side is not the one your IdP now signs with (for example after a certificate rotation in the IdP), the signature check fails and the response is rejected. Check the certificate for the application in your IdP; if it has expired or been rotated, you will need to update it on our side as well. Please see this resource for more information.
If you are switching IdPs, please see this community post for some helpful tips for switching between SAML providers.
2. Issues with manually edited metadata:
What to do: If you have manually edited the existing metadata file (for example, by copying and pasting a new certificate into it), this can introduce errors: a pasted certificate often carries "-----BEGIN CERTIFICATE-----" lines, stray line breaks, or missing characters inside the X509Certificate element, so the certificate no longer decodes. The best practice is to download a completely new metadata XML file from your IdP after the certificate has been updated and activated there, rather than editing the old file by hand.
3. Incorrectly configured encrypted assertions:
What to do: If your IdP is sending an encrypted SAML assertion, our system needs to be configured to decrypt it with the matching key. A mismatch on either side (encryption enabled in the IdP but not on our side, or an encryption certificate in the IdP that is not the one we hold) causes this error. Verify whether SAML assertion encryption is enabled in your IdP configuration for Lucid. If it is, make sure the corresponding decryption settings are configured correctly in the admin panel. If you're unsure about this setting, it's often best to disable encryption for initial troubleshooting: the response is still signed and still travels over HTTPS, so turning encryption off isolates the problem without weakening signature verification. Re-enable it afterwards if your policy requires it.
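The three checks above can be run before opening a support case. The script below is an added example, not Lucid's code or part of the original article: it reads the IdP metadata XML and a decoded SAML Response (for example, the base64 SAMLResponse value captured from the browser and decoded) and reports an expired signing certificate, PEM lines or bad base64 pasted into the metadata, a Response signed with a certificate that is not in the metadata, and an encrypted assertion. It uses only the standard library, so the certificate validity dates are read with a minimal DER walk. The sample metadata, Response and certificate skeletons at the bottom are constructed for a hypothetical idp.example.com so the example runs offline; the certificates are unsigned structural stubs, not real keys.

```python
"""Added example (not Lucid's code): pre-flight checks for the IdP-side causes listed above.
Flags an expired signing certificate, PEM junk pasted into <ds:X509Certificate>, a Response
signed by a certificate missing from the metadata, and an encrypted assertion. Stdlib only."""
import base64, datetime, hashlib, re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion", "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}
UTC = datetime.timezone.utc

def _tlv(data, pos):
    """Read one DER tag-length-value at pos; return (tag, value, position after it)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                                   # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, data[pos:pos + length], pos + length

def _asn1_time(tag, raw):                               # 0x17 = UTCTime, 0x18 = GeneralizedTime
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"
    return datetime.datetime.strptime(raw.decode("ascii"), fmt).replace(tzinfo=UTC)

def cert_validity(der):
    """Certificate -> tbsCertificate -> validity; returns (notBefore, notAfter) as aware datetimes."""
    _, cert, _ = _tlv(der, 0)                           # Certificate SEQUENCE
    _, tbs, _ = _tlv(cert, 0)                           # tbsCertificate SEQUENCE
    tag, _, pos = _tlv(tbs, 0)                          # optional [0] EXPLICIT version
    if tag != 0xA0:
        pos = 0                                         # v1 cert: that element was the serial number
    for _ in range(3):                                  # serialNumber, signature, issuer
        _, _, pos = _tlv(tbs, pos)
    _, validity, _ = _tlv(tbs, pos)
    nb_tag, nb, pos = _tlv(validity, 0)
    return _asn1_time(nb_tag, nb), _asn1_time(*_tlv(validity, pos)[:2])

def decode_cert(text):
    """(DER bytes or None, warnings) for the text content of a <ds:X509Certificate> element."""
    warnings = []
    if "-----" in text:                                 # PEM header/footer pasted in by hand
        warnings.append("PEM BEGIN/END lines inside X509Certificate")
        text = re.sub(r"-----[^-]*-----", "", text)
    try:
        return base64.b64decode(re.sub(r"\s+", "", text), validate=True), warnings
    except ValueError:                                  # binascii.Error is a ValueError
        return None, warnings + ["certificate is not valid base64"]

def check(metadata_xml, response_xml, now):
    """Return a list of findings; an empty list means every check passed."""
    findings, signing = [], []
    for kd in ET.fromstring(metadata_xml).findall(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        el = kd.find(".//ds:X509Certificate", NS)
        if kd.get("use") not in (None, "signing") or el is None:   # use="encryption" keys never verify signatures
            continue
        der, warns = decode_cert(el.text or "")
        findings += ["metadata: " + w for w in warns]
        if der is not None:
            signing.append(der)
    if not signing:
        findings.append("metadata: no usable signing certificate")
    for der in signing:
        nb, na = cert_validity(der)
        if now > na:
            findings.append(f"metadata: signing certificate expired on {na:%Y-%m-%d}")
        elif now < nb:
            findings.append(f"metadata: signing certificate not valid before {nb:%Y-%m-%d}")
    resp = ET.fromstring(response_xml)
    if resp.find(".//saml:EncryptedAssertion", NS) is not None:
        findings.append("response: assertion is encrypted; the SP needs the matching decryption key")
    el = resp.find(".//ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if el is not None:
        der, _ = decode_cert(el.text or "")
        if der is not None and hashlib.sha256(der).digest() not in {hashlib.sha256(d).digest() for d in signing}:
            findings.append("response: signed with a certificate that is not in the metadata")
    return findings

# --- constructed sample input (hypothetical IdP, unsigned certificate skeletons) so this runs offline ---
def _der(tag, payload):                                 # short-form lengths suffice for the samples
    return bytes([tag, len(payload)]) + payload

def ts(year, month, day):
    return datetime.datetime(year, month, day, tzinfo=UTC)

def sample_cert(not_before, not_after):
    """Minimal DER Certificate skeleton with only the fields cert_validity walks; no real key or signature."""
    t = lambda d: _der(0x17, d.strftime("%y%m%d%H%M%SZ").encode())
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01")                  # version v3, serial
                     + _der(0x30, _der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"))       # sha256WithRSA
                     + _der(0x30, b"") + _der(0x30, t(not_before) + t(not_after)))           # issuer, validity
    return _der(0x30, tbs + _der(0x30, b"") + _der(0x03, b"\x00"))

def sample_metadata(der):
    return (f'<md:EntityDescriptor xmlns:md="{NS["md"]}" xmlns:ds="{NS["ds"]}" entityID="https://idp.example.com">'
            f'<md:IDPSSODescriptor><md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>'
            f'{base64.b64encode(der).decode()}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>'
            f'</md:IDPSSODescriptor></md:EntityDescriptor>')

def sample_response(der, encrypted):
    body = ('<saml:EncryptedAssertion><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>'
            '</saml:EncryptedAssertion>' if encrypted else '<saml:Assertion ID="_a1" Version="2.0"/>')
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" xmlns:ds="{NS["ds"]}" ID="_r1">'
            f'<ds:Signature><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{base64.b64encode(der).decode()}'
            f'</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>{body}</samlp:Response>')

if __name__ == "__main__":
    old = sample_cert(ts(2022, 1, 1), ts(2024, 1, 1))
    new = sample_cert(ts(2024, 1, 1), ts(2027, 1, 1))
    # The IdP rotated to `new` and enabled encryption, but the SP still holds metadata carrying `old`.
    for finding in check(sample_metadata(old), sample_response(new, True), ts(2025, 6, 1)):
        print(finding)
```

To use it against a real integration, replace the constructed samples with the metadata XML downloaded from the IdP and the decoded SAMLResponse from a failed login; `cert_validity` walks the standard X.509 layout, so it works on real certificates as well as the skeletons above. Note that the certificate comparison is by exact fingerprint: an IdP that signs with a rotated certificate will show up as "not in the metadata" even when the subject name is unchanged, which is exactly the case the certificate section above describes.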
If you have gone through these steps and are still encountering this error, please contact our support team with a screenshot of the error, the impacted user's email address, and a list of the troubleshooting steps you have already tried. You can contact our support team by filling out this form; please select "Other" under Product Support Inquiry Type.