User Security Troubleshooting

End User Access

Situation	Description
SSO Login attempt displays the message "Login Identifier is not provided for user."	Below is one of the more common issues users can experience with SSO. For a user to successfully sign in with the Login Identifier (e.g. logon name, email address, employee number), the identifier needs to match what is in Serraview with what is in the Identity Provider(IdP) server on the client's side. If these do not match, a successful login token cannot be given to the user and the error message "Login Identifier is not provided for user" displays. If you see this message, contact the Serraview Support team. To resolve this the client needs to either provide Serraview with a matching identifier to what is in the IdP or vice versa. For how to check the Login Identifier, refer to Configure Default User Role and the Logon Identifier.
When I test the SSO set up, it creates a new user account instead of updating the existing user account?	Make sure the Login Identifier (e.g. logon name, email address, employee number), matches the identifier set up in Serraview with what is in the Identity Provider(IdP) server on the client's side. For how to check the Login Identifier, refer to Configure Default User Role and the Logon Identifier.
Why I can't sign in using SSO?	This can happen when your credentials have not been added to your company's IdP. This is common for new staff and third-party users. This can also happen if you (let's call you 'User A') are attempting to access an instance where SSO has not been set up, such as a UAT (user acceptance testing) Environment. In this case, you will need manual sign in. This can be initiated by someone else who already has access to UAT (let's call this person 'User B'): User B will need to create a user account using User A's email address. User B will then need to access the following page: https://[client_instance].uat.serraview.com/default.aspx?bypassSSORedirect=true 3. Click the Reset Password button. 4. Normally the password reset email will be sent directly to them, but since all emails in UAT Environment are set to Pending, User B will need to login and navigate to Configuration > Emails and then and push the password reset email to User A, refer to Reset password in UAT Environment. 5. User A should then get the email and follow the prompts to set up their password and sign in manually.
Why do I receive an 'Authentication failure due to an internal system error' message when trying to log into an instance?	When you attempt to log in to an instance and receive an error message "Authentication failed due to an internal system error. Please try again later or contact your System Administrator". This will occur when the user has attempted to use a different email address. Serraview will expect the email address to be: name.mycompany@serraview.com It will not expect the email address to be: name.mycompany@archibus.com You will need to correct the Serraview domain and then try to log in again.
Why am I seeing the message "You are not authorized to view this page"?	This message displays when you have incorrect or missing access. If the client's using SSO/IP Whitelisting, then this is an issue as it should sign them in automatically. If not, they will need to contact a System Administrator to set up the appropriate access.
Failed authentication when trying to sign into Serraview.	This is caused by a break in the link between the Serraview and the client servers. This will impact all users and you will need to contact your System Administrator.
SSO has been setup, how do I hide the Request Account link?	On the Sign In screen, the Request Account link displays when a Client is not using SSO. When SSO is set up you can hide the Request Account link, refer to Configure Request Account link.
Why can't a user save any changes?	Ability to save changes in Serraview you need to have the General - Save BAU secure action in your role.
The following error displays: Error: The login details you entered are incorrect. Please try again.	Users are unable to log in via normal Serraview login. This could be caused by: they do not have a user account. they are not a Serraview user type Normal and they should click the SSO button to sign into Serraview. they are trying to enter a username and password but their company has set up Single Sign On and they should click the SSO button to sign into Serraview.

System Administrator Manage User Access

Situation

Description

Why can't I add a new user?

Check the following areas:

Check that you have the following required secured actions to add users in Serraview:
- Configuration - Access
- Configuration - Security - Access
- Configuration - Security - Create User
Check whether the person you are adding is in the People data.
1. Navigate to Resources > People Directory.
2. Search for the person.
Check if the user is already added as an SSO user.
1. Navigate to Resources > User Security.
2. Click the SSO User button to display the SSO user account.
3. Search for the user account.

Why can't I find a user?

Check the following areas:

PROD Environment or UAT Environment

Check that you are in the PROD environment. The UAT environment will not always have the most updated data. For example:

UAT Environment has the URL format as:

https://[client_instance].uat.serraview.com

PROD Environment has the URL format as:

https://[client_instance].serraview.com

SSO Users

Check if they are SSO users, click the SSO Users button to display all users.

People Directory

Check if the user is in the people data:

- If they are not in the people data, you cannot create a user because the person does not exist.
- If they are in the people data, you can create a new user for that person.

Archived Candidates

Check the Archived Candidates, in case the user has been archived.

Cannot find the service account's Private Key.

If you lose the Private Key for the Service Account, then you will have to delete the Service Account and re-create a new Service Account.