If you're seeing the error message "SAML response missing required custom identifier." when trying to log in, it means that our system isn't receiving a piece of information from your company's Identity Provider (IdP) that it needs to uniquely identify you. Here are the common reasons for this error and how to troubleshoot each of them:
1. Mismatched or missing Entity ID:
What to do: The Entity ID is a unique identifier for your IdP. If the Entity ID configured in our application doesn't match the Entity ID in your IdP's SAML configuration, this error can occur.
- Verify the Entity ID: Carefully check the Entity ID in your IdP's settings and ensure the Entity ID matches what is specified in our setup instructions.
- Re-upload Metadata: If any changes are made to the Entity ID in your IdP, you will likely need to download the updated metadata file from your IdP and re-upload it into our application's SAML settings to reflect these changes.
2. Incorrectly configured or missing required attributes:
What to do: SAML relies on attributes (like first name, last name, email) being passed in the response to identify the user. This error can appear if a required attribute, particularly a unique identifier (often referred to as NameID or a custom ID attribute), is missing or not correctly mapped.
- Check Attribute Mappings: Your SAML administrator needs to review the attribute mappings configured in your IdP for our application. Ensure that all required attributes, as specified here, are being sent and that they are mapped to the correct fields in our system.
- Unique User Identifier (NameID/Custom ID): Pay close attention to the attribute designated as the unique identifier for your users. While "NameID" is a common SAML term, your IdP might use a different term. Ensure that a consistent and unique attribute for each user (like their email address or employee ID) is being sent and that our system is configured to recognize it.
- Case Sensitivity and Exact Spelling: Attribute names are often case-sensitive. Double-check the spelling and casing of the attribute names in your IdP configuration against our requirements.
3. Discrepancy in the unique identifier field:
What to do: Some SAML implementations do not use the NameID field to identify a user. If this applies to your SAML configuration, you can specify the attribute name of your organization's unique identifier under "ID attribute name" in your configuration settings. The value entered in this field must match, character for character, the name of the attribute your IdP sends as the unique identifier for each user.
- Check the "ID attribute name" field: Your SAML administrator should compare the "ID attribute name" field in our application's SAML settings with the attribute name configured in your IdP that holds the unique user identifier and ensure the two match exactly.
- Leave it blank if unused: If your organization does not use a custom identifier attribute (that is, it identifies users by NameID), this field should remain blank.
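The three causes above can be checked directly against a captured SAML Response before contacting support. The script below is an added example for this article, not the application's own tooling: it decodes the SAMLResponse form value, compares the Issuer with the expected Entity ID (cause 1), looks for a NameID (cause 2), and, when an "ID attribute name" is configured, requires an attribute with exactly that name, reporting names that differ only in case (cause 3). The sample response, the entity ID and the attribute names are constructed for illustration, and the script does not verify the XML signature; it only explains why an identifier would be missing.

```python
"""Offline diagnostic for a captured SAML Response (added example, not product code).

Checks the three conditions from the troubleshooting steps: Issuer equals the
expected Entity ID, a NameID is present, and a configured "ID attribute name"
matches an attribute exactly. The sample XML and all names are constructed.
No signature verification is performed here.
"""
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}


def decode_saml_response(b64_response: str) -> str:
    """The SAMLResponse field posted by the browser is base64-encoded XML."""
    return base64.b64decode(b64_response).decode("utf-8")


def diagnose(saml_xml: str, expected_entity_id: str, id_attribute_name: str = "") -> dict:
    """Return findings for one decoded SAML Response (XML text)."""
    root = ET.fromstring(saml_xml)
    findings = {}

    # Cause 1: the IdP names itself in <saml:Issuer>; it must equal the Entity ID
    # configured on our side exactly (scheme and trailing slashes included).
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS)
    findings["issuer"] = issuer
    findings["entity_id_matches"] = issuer == expected_entity_id

    # Cause 2: the standard unique identifier lives in Subject/NameID.
    name_id = root.findtext("saml:Assertion/saml:Subject/saml:NameID", default="", namespaces=NS)
    findings["name_id"] = name_id or None

    # Collect every attribute the IdP sent, keyed by its exact Name.
    attrs = {}
    for attr in root.findall("saml:Assertion/saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        attrs[attr.get("Name", "")] = values
    findings["attributes"] = attrs

    # Cause 3: a configured "ID attribute name" must match an attribute Name
    # exactly; attribute names are case-sensitive, so near misses are reported.
    if id_attribute_name:
        values = attrs.get(id_attribute_name, [])
        findings["custom_id"] = values[0] if values else None
        findings["case_mismatch_candidates"] = [
            n for n in attrs
            if n != id_attribute_name and n.lower() == id_attribute_name.lower()
        ]
        findings["identifier_present"] = findings["custom_id"] is not None
    else:
        findings["custom_id"] = None
        findings["case_mismatch_candidates"] = []
        findings["identifier_present"] = findings["name_id"] is not None
    return findings


def explain(findings: dict) -> list:
    """Turn findings into the troubleshooting hints a SAML admin would act on."""
    hints = []
    if not findings["entity_id_matches"]:
        hints.append(f"Issuer {findings['issuer']!r} does not match the configured Entity ID; re-upload IdP metadata.")
    if not findings["identifier_present"]:
        hints.append("No usable unique identifier: NameID is absent and no matching ID attribute was found.")
    for near in findings["case_mismatch_candidates"]:
        hints.append(f"Attribute {near!r} differs from the configured ID attribute name only in case; fix spelling/casing.")
    return hints


# Constructed sample: no NameID, and the custom ID attribute is sent as
# "employeeid" while the application is configured with "employeeId".
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
    IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
    <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
    <saml:Subject>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="email"><saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="employeeid"><saml:AttributeValue>E12345</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


if __name__ == "__main__":
    result = diagnose(SAMPLE_RESPONSE, "https://idp.example.com/metadata", "employeeId")
    for hint in explain(result):
        print("-", hint)
```

To run it on a real login, copy the SAMLResponse value from the browser's network tools or a SAML tracer extension, pass it through decode_saml_response, and call diagnose with the Entity ID and "ID attribute name" from the application's SAML settings.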
If you have gone through these steps and are still encountering this error, please contact our support team with a screenshot of the error, the impacted user's email address, and a list of the troubleshooting steps you have already tried. You can contact our support team by filling out this form; please select "Other" under Product Support Inquiry Type.