Prisma Cloud: Unable to log in via SSO with error "Authentication Failed: Either the user does not exist or (s)he does not have SSO login access."
Created On 11/03/25 06:47 AM - Last Modified 03/04/26 18:04 PM
Symptom
- All users were unable to log in to the Prisma Cloud Console using their standard credentials via SSO (SAML with Azure AD).
- Upon login attempt, users were redirected to the Identity Provider (IdP) page, but authentication failed and returned an error message on the Prisma login page.
Environment
Prisma Cloud
CSPM
Prisma Cloud Enterprise Edition
Cause
This issue can occur if there is a change in the IdP configuration, such as modifications to SAML attributes or user identity mappings. In this case, the problem was caused by a change in the user email format in Azure AD from @xyz.in to @xyz.com, which led to a mismatch between the SAML assertions and existing Prisma Cloud user accounts.
Resolution
- In Azure AD, the email format for users was changed from @rbl.in to @rbl.com, which caused a mismatch with existing Prisma Cloud user accounts.
- To fix this, we went to Settings > Access Control in Prisma Cloud and created new users with the updated email IDs matching the Azure AD format. Once the new users were added and the old ones removed, all users were able to log in successfully to the Prisma Cloud Console.
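To confirm this cause before recreating users, compare the identity the IdP actually sends with the accounts that exist in the console. The following is an added diagnostic example, not Palo Alto Networks or Prisma Cloud code. It assumes the user email is carried in the assertion's Subject NameID and that the console user list has been exported by hand; the sample response, the user list and the function names are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def name_id_from_response(b64_response):
    """Return the Subject NameID from a base64 SAMLResponse (HTTP-POST binding).
    Diagnostic only: this does not validate the assertion signature."""
    root = ET.fromstring(base64.b64decode(b64_response))
    node = root.find(".//saml:Subject/saml:NameID", SAML_NS)
    if node is None or not (node.text or "").strip():
        raise ValueError("no Subject/NameID in SAML response")
    return node.text.strip()

def diagnose(name_id, console_users):
    """Classify how the IdP identity relates to the console accounts."""
    # Assumption: compare case-insensitively for the purpose of diagnosis.
    wanted = name_id.casefold()
    users = [u.strip().casefold() for u in console_users]
    if wanted in users:
        return "match"
    local, _, domain = wanted.rpartition("@")
    for user in users:
        u_local, _, u_domain = user.rpartition("@")
        # Same mailbox name under a different domain: the IdP-side rename case.
        if u_local == local and u_domain != domain:
            return f"domain-mismatch: console has {user}, IdP sends {wanted}"
    return "no-such-user"

# Constructed sample: a minimal response as captured from the browser POST.
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    "<saml:Assertion><saml:Subject>"
    "<saml:NameID>alice@xyz.com</saml:NameID>"
    "</saml:Subject></saml:Assertion></samlp:Response>"
)
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()
# Constructed sample: console accounts still using the old domain.
CONSOLE_USERS = ["alice@xyz.in", "bob@xyz.in"]

if __name__ == "__main__":
    print(diagnose(name_id_from_response(SAMPLE_B64), CONSOLE_USERS))
```

A `domain-mismatch` result for every user points to an IdP-side email format change like the one described here, while `no-such-user` points to an account that was never provisioned.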
Additional Information
View another article here on possible reasons for this SSO Login error.