Resolve Common Errors

This section describes how errors display and how to resolve common issues.

Global Errors

When an environment is enabled for OneStream IdentityServer, generic messages about unrecoverable issues display on a Global Error Message page. For example:

""

These issues can range from network and other communication problems to system configuration errors. Administrators resolve these issues. Other errors may display that are specific to how an environment is configured for user authentication, such as the number of external IdPs used.

Single External IdP Configuration

If you use one IdP, the Global Error Message page may also display errors related to a user's authentication. For example, if a user authenticates through their IdP but is not a valid OneStream user or has a disabled user account, the following error displays.

""

Multiple External IdP Configurations

If you use multiple IdPs, the Login dialog box may display errors and warning messages related to login and application access issues. For example:

Resolve Common Errors

This section identifies how to resolve common errors you may encounter during OneStream IdentityServer and IdP configuration or at login.

Disabled Accounts

This error indicates that a user has valid IdP credentials or a token, but their user account in OneStream was manually disabled or disabled due to inactivity.

""

See "Managing Users" in the Design and Reference Guide.

User Account Does not Exist in OneStream

This error indicates that a corresponding user account must be created in OneStream and configured for OneStream IdentityServer.

""

Native Login not Enabled

This error indicates that native login is not enabled for the user account. To resolve this issue, submit a Support ticket requesting environment-specific support for native authentication. Environments must be initially configured for native authentication before you can use native login capabilities. Then, enable the user account for native authentication. See How Users are Configured for Authentication and Native Authentication.

Another User is Logged In

This error indicates that a valid SSO token is being used by another user, which conflicts with the external username that you specified when logging in. To resolve this issue, the other user must log out of their IdP and clear cookies.

""

User Must Reset Password

This warning indicates that a password has expired or has updated security requirements. To resolve this issue, the user must reset their password.

User is not Configured to the External IdP

This error indicates that the user attempting to log in with OIS is not configured to the external IdP. This error message is provided by the IdP.

External IdP has an Expired Certificate

This error indicates that the encryption certificate or signing certificate for the external IdP is expired. To resolve this issue, upload a valid certificate for the external IdP in the Identity & Access Management Portal. See Manage SAML 2.0 Identity Providers.

An IdP is Unavailable in User Authentication Settings

All properly configured IdPs should be available in System Security as External Authentication Providers options, as shown below. You can customize External Authentication Provider labels to make them more intuitive. If an IdP does not display, check the configuration in the Identity & Access Management Portal. See Identity Providers. Contact Support or the Cloud Operations team if needed.

""