Best Practices

This section identifies best practices that will minimize login errors and streamline the login process.

Verify User Accounts

To avoid login errors, regardless of the authentication mode, confirm that:

  • Users have valid, properly defined accounts in OneStream System Security. Ensure that their username in an external IdP is specified as their External Provider User Name.

  • User accounts are active and have not been disabled in either System Security or the OneStream Framework database.

See "Creating and Managing Users" in the Design and Reference Guide.

Add an Email Address for Each User

To support all features of OneStream IdentityServer, add an email address for each user profile. An email address is needed to reset a forgotten password for OIS native authentication users.

Manage Native Accounts

Users you create in OneStream can be configured as native users. This means their accounts and passwords are managed in OneStream. Native authentication is treated as an additional identity provider, so using an external IdP with native authentication activates the Log In "Home Realm Discovery" dialog box.

As a best practice, if you are not using OneStream IdentityServer native accounts, you should submit a Support ticket to disable native authentication. See Native Authentication.