By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

The user in Connect encounters an Error Message: Access Denied. Your account has been authenticated but has not been onboarded to this application.

0

A user from the customer encounters the error message: Access Denied. Your account has been authenticated but has not been onboarded to this application. He was the only user from the customer that encounters the error.

We have deleted and created the agent in User Management on Connect a couple of times and the user still encounters the error. We confirmed that the agent uses the same login email in their SSO and in Connect.

We have also found the documentation: https://docs.aws.amazon.com/connect/latest/adminguide/troubleshoot-saml.html, but we're still waiting for the customer to provide the HAR file.

Would like to ask if we have other solutions we could do to be able to onboard the agent?

Topics
Application IntegrationBusiness Applications
Tags
Amazon Connect
Language
English
rePost-User-7580821
asked 2 years ago1.6K views
1 Answer
2

Hi there!

This typically happens when the principal relayed from your SAML 2.0 IdP does not match exactly what has been created in the Amazon Connect user management page. You can see what principal is being passed from your IdP using CloudTrail. Ensure that that matches exactly, including capitalization and punctuation. Some IdP's rewrite these when federating to an external system like Connect.

profile pictureAWS
EXPERT
AWS-samfred
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content