Skip to main content

Admin group user can't log in to SecureAuth0 via browser due to invalid group

Issue

Some Admins can access the SecureAuth0 realm, but some cannot.

Cause

The SecureAuth0 Web Admin console is configured to allow only the members of the "domain admins" group access.

Resolution

Check the "Primary Group" setting on the "Member Of" tab. If the Primary Group is set to "Domain Admins", the "memberof" attribute of the user object cannot be read, and an invalid group message is received when authenticating.

Use Case

7995421.png

On this specific user's AD account profile, the "Set Primary Group" field was selected as the "Admin" group.

Changing it to another group or not selecting any group solved the issue; the user was able to log in to SecureAuth0 via a browser.

Additional Information

Resource to read:

http://support.microsoft.com/kb/275523