Skip to main content

Admin group user can't log in to SecureAuth0 via browser due to invalid group


Some Admins can access the SecureAuth0 realm, but some cannot.


The SecureAuth0 Web Admin console is configured to allow only the members of the "domain admins" group access.


Check the "Primary Group" setting on the "Member Of" tab. If the Primary Group is set to "Domain Admins", the "memberof" attribute of the user object cannot be read, and an invalid group message is received when authenticating.

Use Case


On this specific user's AD account profile, the "Set Primary Group" field was selected as the "Admin" group.

Changing it to another group or not selecting any group solved the issue; the user was able to log in to SecureAuth0 via a browser.

Additional Information

Resource to read: