Login using SSO - Knowledge base portal

Prev Next

Plans supporting this feature: Enterprise

Single Sign-On (SSO) allows you to access Document360's Knowledge base portal using your existing credentials from another Identity Provider (IdP). This eliminates the need to remember multiple passwords.

Logging in using SSO

To log in to the Knowledge base portal using SSO:

  1. Open your web browser and enter the URL of the Document360 Knowledge base portal you want to access.

  2. In the Email or Subdomain field, enter your email address or domain name.

    NOTE

    For new projects, users with SSO team accounts can log in only using their subdomain. Login via email has been deprecated to support scalability improvements.

  3. Once you've entered your email or domain, click the Continue with SSO button.

  4. You will be redirected to your IdP's login page. Enter your credentials to authenticate.

After successful authentication, you'll be automatically logged into Document360's Knowledge base portal.

IdP initiated sign-in

If the Allow IdP initiated sign-in option was enabled during the SSO configuration process, you can also log in directly from your IdP's dashboard. This means you don't need to visit the Document360 Knowledge base portal first. Simply navigate to your IdP's dashboard and look for the Document360 application. Click on it to initiate the login process.

By following these steps, you can easily and securely access Document360's Knowledge base portal using your existing SSO credentials.


Troubleshooting

If you encounter issues while logging in to the Knowledge base portal using SSO, refer to the following common errors and their solutions:

User access not assigned in IdP

Error: Sorry, but we’re having trouble signing you in. Your administrator has configured the application Document360 to block users unless they are specifically granted (assigned) access to the application.

This error indicates that users are not assigned to the Document360 application in the IdP.

Error message indicating trouble signing into Document360 due to access restrictions.

Steps to resolve:

To resolve this issue,

  1. Log in to the identity provider’s portal.

  2. In the identity provider’s portal, navigate to Applications, and select the Document360 application.

  3. Add the required users or groups to the Document360 application.

Once the users are added, they should be able to access Document360 without encountering the error.

No projects associated with email address

Error: There are no projects associated with this email address. Please contact your Project administrator.

This error indicates that the user’s account is not linked to any project in Document360. This can happen if the user has not been added or has been removed from Document360, but their account is linked to the Identity Provider (IdP).

A user receives a message about no projects associated with their email address.

Steps to resolve:

To resolve this issue,

  1. Log in to the Knowledge base portal as an administrator.

  2. Select the project to which the user needs access.

  3. Navigate to Settings () in the left navigation bar in the Knowledge base portal.

  4. In the left navigation pane, navigate to Users & security > Team accounts & groups.

  5. Check if you have added the user as an SSO account.

    • If the user's account exists but is not an SSO account, select the checkbox next to their account and click the Convert to SSO account option.

    • If the user is not listed as an SSO account, click Add > Team account and select the SSO user checkbox while creating the account.

Email address missing in SAML/ODIC response

Error: Email address is missing in SAML/ODIC response, please check your SSO configuration or contact support.

This error typically occurs when the email or name attributes in the SAML/ODIC response are not configured correctly in the Identity Provider (IdP). These attributes are case-sensitive, so it is important to ensure they match exactly as specified in the configuration.

User receives an error message about missing email address for SSO login.

Steps to resolve:

To resolve this issue,

Check attribute mapping in the Identity Provider (IdP)

  1. Log in to your Identity Provider (IdP) as an administrator.

  2. Verify that the attributes for email and name are mapped correctly.

  3. Confirm that the attribute names match exactly as specified in the Document360 documentation. For example,

    • Correct: “email” and “name”.

    • Incorrect: “Email”, “EMAIL”, “Name”, or “NAME”.

Update SSO configuration in Document360

  1. Log in to the Knowledge base portal as an administrator.

  2. Select the project where the SSO is configured.

  3. Navigate to Settings () in the left navigation bar in the Knowledge base portal.

  4. In the left navigation pane, navigate to Users & security > SAML/OpenID.

  5. Select Edit () for the existing configuration.

  6. Navigate to the IdP configurations section and ensure the mapped attributes in Document360 correspond to those configured in the IdP.

  7. Save the updated configuration.

Now, test the SSO login to confirm that the issue is resolved.

Single sign-on is not enabled for this email

Error: An error occurred while handling the request and ‘Single sign-on isn’t enabled for this email’

This error indicates that the user's email is not correctly configured in the Identity Provider (IdP) or in Document360.

Steps to resolve:

To resolve this issue,

  1. Log in to the identity provider’s portal.

  2. In the identity provider’s portal, navigate to Applications, and select the Document360 application.

  3. Check if the team accounts/readers are added to the Document360 application.

  4. If the team account/reader is missing, add them and assign the necessary permissions.

Next, check if the SSO configuration has been completed correctly in Document360. To verify if the SSO configuration is correct, check the details from the SAML and OpenID articles.

If the issue persists, please contact the Document360 support team with the screenshots of the IdP configuration and Document360 SSO configuration.

Unable to login via SSO

Error: Single Sign-on is not enabled for this subdomain

This error occurs when the incorrect subdomain or knowledge base portal link is used during login. It commonly happens if the project is hosted on one domain (e.g., US) but is being accessed through a different domain (e.g., EU).

Login screen for Document360 with SSO option and subdomain input field.

Steps to resolve:

Verify Your Subdomain and Portal URL

Check Your Subdomain

  • Navigate to Settings () in the left navigation bar in the Knowledge base portal.

  • In the left navigation pane, navigate to  Knowledge base site > Custom domain.

  • In the Custom domain page, you can view your project link. If your project link is https://test1.document360.io, then your subdomain is "test1".

  • You can also find your subdomain on the Configure the Service Provider (SP) page under your SSO Configuration.

SSO login failure

Error: This page isn’t working - identity.us.document360.io is currently unable to handle this request. HTTP ERROR 500.

This issue occurs due to a change in the identity certificate. The signing certificate for authentication is rotated every three months, and if the updated certificate is not configured correctly in the Identity Provider (IDP), authentication may fail.

Error message indicating the page is not working due to HTTP error 500.

Steps to resolve:

Follow these steps to resolve the issue:

  1. Ensure that you configure the metadata URL correctly in the Identity Provider (IdP). This URL is available on the SSO page in Document360 and reflects the latest signing certificate information.

  2. If the issue persists, contact support@document360.com for assistance.

404 error during SSO configuration

Error: This identity.us.document360.io page can’t be found. No webpage was found for the web address. HTTP Error 404.

This issue might occur if the federation URL for the Identity Provider (IdP) was incorrectly configured or if the email address used had no associated projects in the system.

404 error

Steps to resolve:

  1. Verify the federation URL of your SSO connection. The 404 error usually indicates that the URL is incorrect or inaccessible. To verify,

  2. Navigate to your Identity Provider’s SSO configuration section.

  3. Look for the federation metadata URL, login URL, or SAML endpoint URL. This URL must match exactly with what's configured in your Document360 SSO settings.

  4. Double-check your credentials and ensure you have entered the correct federation URL in your IdP.

  5. Once the federation URL is copied from your IdP, and related configurations are corrected, confirm that your email address is linked to at least one project.

  6. If there are no projects associated with your email, you may need to be added as a new SSO user account.

  7. Follow best practices when converting other users to SSO accounts.

    • Always copy the federation URL directly from your IdP—avoid manual typing.

    • Ensure that each user’s email is added to at least one active project in Document360 before enabling SSO.

    • Confirm that the email domains of the users match your SSO setup.

    • Add new users as SSO users in your project before they attempt to log in.

    • Maintain a list of verified SSO users with proper role mappings in the system.

  8. If the issue persists, contact support@document360.com for assistance.

500 error during SSO login to knowledge base portal

Error: 500 login error

Possible causes are an outdated or expired SAML certificate, or if the site is set to public (SSO is intended for secure, private portals).

Steps to resolve:

  1. Confirm that your Knowledge base portal is not set to public. SSO authentication requires the site to be private.

  2. Check the status of your SAML certificate. If it's outdated or expired, update it on your identity provider's end.

  3. Retry logging in using SSO after updating the certificate.


FAQ

Why can't I access a project despite being granted access?

If you're unable to access a project, it could be because you are added as an SSO user for some projects and a non-SSO user for others. Please ensure you are using the correct login credentials (non-SSO for non-SSO projects).

If the issue persists, contact our support team for further assistance.

How can I access the Sandbox project while logging in as an SSO user?

SSO and non-SSO logins are treated as separate permission types, which means they display different sets of projects. To access the Sandbox as an SSO user, you need to apply the same SSO configuration to the Sandbox project. Then, add yourself and others as SSO users in the Sandbox project. Once done, both the main and the Sandbox projects will be visible when you log in with SSO.