# Troubleshooting SSO and provisioning

## SSO connection doesn’t work

There may be several reasons why your SSO connection doesn't work properly:

* The user entered an invalid key or you sent them an invalid login URL. See [Broken link](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/enterprise-security/sso-and-provisioning/broken-reference "mention").
* The user is not a member of any organization in the enterprise. See [organization-members](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/managing-organization/users-and-permissions/organization-members "mention").
* The group synchronization failed. See [Broken link](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/enterprise-security/sso-and-provisioning/broken-reference "mention").
* The SSO configuration is incorrect.
  * Check the attribute mapping (specifically email).
  * If it still doesn’t work, check the other SSO settings and test your connection.
  * See also [#checking-setup-warnings](#checking-setup-warnings "mention") below.
* You use GitHub and SSO and have configured an IP allow list in GitHub. In that case, disable the configuration in GitHub and try again.

## 403 error on signing in via SSO

If you encounter a 403 error during SSO sign-in, it may be due to having multiple sign-on URLs configured in your identity provider. To resolve this, ensure that you configure only one sign-on URL. Use the value from the **Single Sign-On URL** field in the SonarQube Cloud's SSO setup assistant for this configuration. For more information, see [#create-and-setup-the-sonarqube-cloud-application-in-your-identity-provider](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/enterprise-security/setup/saml-sso#create-and-setup-the-sonarqube-cloud-application-in-your-identity-provider "mention").

## SCIM provisioning doesn't work

You should first check for setup warnings as explained below.

{% hint style="info" %}
SCIM provisioning will not work properly if Single-Sign On has not been properly set up in your system.
{% endhint %}

## Checking setup warnings

1. Retrieve your enterprise. See [managing-enterprise](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/managing-enterprise "mention") for more details.
2. Select **Administration** > **SSO & Provisioning**. The **SSO & Provisioning** page opens.
3. Select **Configure SSO** or **Configure provisioning**. The **Configure Your Connection** page opens. Setup warnings are indicated on this page as illustrated below.

<figure><img src="broken-reference" alt="Warnings are shown on this page. Start the setup assistant and follow the instructions to address the warning."><figcaption></figcaption></figure>

4. If there is a warning, open the corresponding setup assistant and follow the instructions.

{% hint style="danger" %}
The SSO's attribute mapping was changed recently. If your SSO setup was performed before this change, a warning will be displayed on this page for **Single Sign-On**. In that case, select **Single Sign-On** and follow the instructions to update your mapping in SonarQube Cloud. Check also the attribute mapping in your identity provider to make sure it matches the new SonarQube Cloud's mapping. For more information, see [#create-and-set-up-the-sonarqube-cloud-application-in-your-identity-provider](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/enterprise-security/setup/saml-sso#create-and-set-up-the-sonarqube-cloud-application-in-your-identity-provider "mention").
{% endhint %}

## Related pages <a href="#related-pages" id="related-pages"></a>

* [sso](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/enterprise-security/sso-and-provisioning/about/sso "mention")
* [setting-up-sso](https://docs.sonarsource.com/sonarqube-cloud/getting-started-with-enterprise/setting-up-sso "mention")
* [edit-or-delete-sso-setup](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/enterprise-security/sso-and-provisioning/edit-or-delete-sso-setup "mention")
* [Broken link](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/enterprise-security/sso-and-provisioning/broken-reference "mention")
* [#deleting-sso-account](https://docs.sonarsource.com/sonarqube-cloud/managing-organization/users-and-permissions/user-on-and-offboarding#deleting-sso-account "mention")