OneLogin SSO/SCIM email mismatch (original) (raw)
- All Collections
- Identity management (SSO, JIT, SCIM)
- Troubleshooting by identity provider
- OneLogin SSO/SCIM email mismatch
Claude uses email as the primary identifier to match SSO logins to provisioned seats. In OneLogin, SCIM provisioning and SAML SSO are configured in separate tabs of the app and can reference different user profile fields, causing a mismatch that blocks access.
Symptoms
People may experience one or more of the following when attempting to access your organization via SSO:
How this happens
OneLogin user profiles contain distinct fields for username and email, which may hold different values. SCIM provisioning parameters and SAML attribute statements are configured independently and can each pull from a different field:
A common mismatch: the SCIM parameters tab maps the email attribute to Username (which may be an employee ID or short name) while the SAML attribute statement sends the Email field. Claude requires an exact string match.
Common confusion: OneLogin's SCIM parameters and SAML attribute statements are in different tabs of the same app — Parameters for SCIM and SSO (or Parameters with SAML-specific fields) for SSO. Both must be checked and aligned.
Diagnostic steps
Step 1 — Confirm the mismatch
Step 2 — Identify the scope of the problem
Step 3 — Review user field values
Resolution
Align both mappings to the Email field
OneLogin's Email field is the most reliable source for both SCIM and SAML, as it's designed to hold a valid email address.
Trigger a full re-sync
Critical — Full sync required: An incremental sync will not update existing records after you change an attribute mapping. You must trigger a full restart of the provisioning cycle.
Post-fix cleanup
After correcting the attribute mapping and completing the full sync:
Verification
Common issues
When to contact Support
Contact our Support team with your organization's domain, the affected person's email, and screenshots of your attribute mappings when:
Related Articles
Google Workspace SSO/SCIM email mismatchMicrosoft Entra ID SSO/SCIM email mismatchOkta SSO/SCIM email mismatchPing Identity SSO/SCIM email mismatchOneLogin SSO setup