Skip to main content

Troubleshooting SSO Issues

Quickly identify and resolve common Single Sign-On (SSO) problems using simple checks and fixes.

SSO Requirements and Considerations

  • Only one Identity Provider (IdP) is supported per company

  • Users are identified by email only

  • SSO users are created after the first successful login

  • Older setups may have domain configuration differences

Common SSO Issues and Fixes

Before You Start, answer these questions to narrow down the issue:

  • Is the issue affecting one user or multiple users?

  • Does the issue happen every time or only sometimes?

  • Does it work in an incognito or private browser window?

These answers help determine the root cause faster.

“We Can’t Find Your User” Error

Knak matches users by email. Your Identity Provider (IdP) must send the user’s email as the SAML NameID for SSO to work correctly.

Azure

Update your Azure SSO configuration:

  1. Open your Knak Enterprise Application in Azure

  2. Go to Single Sign-On (SAML)

  3. Find Unique User Identifier (Name ID)

  4. Set the value to:

    user.mail

  5. Save your changes

  6. Retry Continue with SSO

Okta

Okta sends email by default. Issues usually happen after customization.

  1. Open your Knak app in Okta

  2. Go to Sign On settings

  3. Locate Name ID format / Application username

  4. Set it to use the user’s email

  5. Save and retry login

Ping (or Other SSO Providers)

Your IdP must send email as the SAML NameID.

  1. Open your IdP SAML configuration for Knak

  2. Locate NameID settings

  3. Set NameID to the user’s email address

  4. Save changes

  5. Retry login

"Continue with SSO" Button Fails but Direct Login Works

You can log in using your company’s SSO login URL, but the “Continue with SSO” button does not work.

Why this Happens:

These two login methods handle your identity differently:

  • “Continue with SSO” button
    → Requires your email to match exactly in Knak

  • Direct IdP login URL
    → May allow login using a different identifier

If your Identity Provider (IdP) sends something other than your email (such as a username or internal ID), the button flow will fail.

How to Fix

Update your IdP to send your email as the SAML NameID.

  1. Ensure the identifier matches your email in Knak

  2. Retry using “Continue with SSO” after updating

How to Confirm

  1. Try logging in using the direct IdP URL

  2. If that works, but the button fails, this is likely the issue

One User Cannot Log In

Potential Reasons:

  • Email address was recently changed

  • User was removed and re-added

  • IdP and Knak emails do not match

How to Fix

  • Confirm the email in your IdP matches your Knak account

  • Retry login after updating

SSO Works Sometimes but Not Always

Intermittent failures or "redirect to Knak login" that resolves on retry. Other browsers and incognito mode resolves the login issue.

Potential Reasons:

Browser session or cookie issue

How to Fix

  1. Open Knak in your browser

  2. Click the lock icon in the address bar

  3. Open site settings

  4. Clear cookies for Knak

  5. Close all tabs

  6. Reopen and sign in again

💡 You can also test using an incognito or private window

Redirected to Knak Login Instead of Your IdP

You click “Continue with SSO”, but instead of being redirected to your Identity Provider (IdP), you are taken back to the Knak login page.

Potential Reasons:

Knak cannot determine which IdP to send you to. This usually happens when:

  • Your SSO configuration is incomplete or misconfigured

  • Your company’s domain or connection is not recognized

  • There is a mismatch between expected login domains

How to Fix

Step 1: Try direct login

  • Use your company’s SSO login URL

  • If this works, your SSO setup is partially correct.

Step 2: Contact Knak Support

Share the following details:

  • Your company name

  • Your user email

  • What happens when you click “Continue with SSO”

  • Whether all users are affected

  • Whether the issue started after a recent SSO change

  • Whether direct login also fails

Logout Does Not Redirect to Your SSO login page

You log out of Knak, but you are not redirected to your Identity Provider (IdP) logout screen.

Potential Reason:

  • A logout redirect URL is not configured for your account

How to Fix

  • Contact Knak Support

  • Share your user access URL

  • Support will configure the logout redirect for your account

SSO Fails for Multiple Users

Several users from your company cannot log in at the same time.

Potential Reasons:

  • IdP outage or configuration issue

  • Possible system-wide issue

How to Fix

  • Check with your internal admin

  • Contact support with details

Need more help? Contact support via live chat using the chat bubble in the bottom right corner or email support@knak.com.

Related Articles
Administrator Settings
General SSO Setup (SAML 2.0)
Set Up Single Sign-On (SSO) with Okta
Azure SSO
Setting Up Login Options in Knak
Did this answer your question?