Login Error Troubleshooting
Brief Overview
Errors happen and logging in often leads to unforeseen SSO or password issues. Use this article to troubleshoot the message and find a solution. This will help you determine if there is something you can do to fix it or if you need to reach out to WalkMe for help.
SAML SSO Errors
SSO Partially Configured
IF the SSO is partially configured, meaning not all the steps in the SSO creation wizard were completed, and then assigned to users, the users will be redirected to the following "example.com" instead of logging into the product.
Troubleshoot: Try one or both of the following:
- Go to Admin Center and assign the users to a fully configured SSO
- In order to make sure that the SSO is fully configured go to "Security"→ "SSO"
- Assign them to "Login with Password" as a login method
SSO ID not configured correctly
If the SSO ID, which by default is user email, is not compatible to the value that exists in the IDP (for example, you are using a unique string instead of the user's email), the user will see a 'user creation was disabled' error when they try to login:
Troubleshoot: Go to the Admin Center, in the "Add users" wizard, review the SSO ID field to ensure it is configured correctly, then send them a new invitation to login.
SSO configured but not working
If you are experiencing failures while trying to authenticate in SSO then it's likely that some of the values were not entered correctly when the SSO was being configured.
You will likely need to contact your IT team to help resolve this.
Troubleshoot:
- In your browser, open the network tab
- Check "Preserve logs" (this will save all the requests in the "Network" tab even if the user will switch between pages)
- Review the cases to determine which is your issue:
First case - The request not reaching to the SSO site: This means that WalkMe settings weren't applied correctly on the site
- Go to Admin Center and verify that the settings in SSO wizard (step 3) are correct
- Advanced option -
- Search for the "samlRequest" in the "Network" tab
- Copy the "Requested URL:"
- Decode it using the following online tool - https://www.samltool.com/decode.php
- Search for the same values as in step 3 (in SSO wizard) and verify if correct
Second case (this will be the common scenario) - The user authenticated successfully using his SSO site but failed to enter the prodcut.
- Go to Admin Center and verify that the settings in SSO wizard (step 2) are correct (URL, Entity ID)
Advanced option-
- Search for the "samlResponse" in the "Network" tab
- Copy the "SAMLResponse"
- Decode it using the following online tool - https://www.samltool.com/decode.php
- Verify that the following value are identical to the values in the SSO wizard (step 2)
- Destination (=URL)
- Issuer (=Entity id)
- certificate (=Public certificate in step 3)
- In the decoded XML, search for nameid and make sure that it is equal to the SSO ID (in Users grid)
Legacy SSO retirement
WalkMe is moving to a new SSO solution provided by the leader in identity management, Okta, that offers higher availability, performance, and better monitoring and logging capabilities.
If your account is currently registered with WalkMe's legacy SSO, we encourage you to proactively move to the new SSO solution managed in the Admin Center.
You can find instructions for the process in the following article: Single Sign-On
Password Errors
Incorrect Email or Password
If your email or password is incorrect, and you can't remember the information, you can reset from login page. You will receive an email to update new password. The link is valid for 30 min. If you don't see an email, check your spam folder.
Password Statuses
Active: User is able to login to the system
Pending user activation: User must activate their account via the email invite WalkMe sends and create their first password. User won't be able to log in until they do this.
Locked: If the user tried more than 10 times to enter an incorrect password, they will be locked from trying again. The user will be be able to try again after 1 hour.
Recovery: Triggered by a force reset password from the Admin Center. In recovery mode, the user must create a new password. The force reset password email is valid for 2 days. Be sure to check the spam folder if you didn't get an email.
Password expired: Following WalkMe policy, passwords expire every 3 months. When the 3 months has passed, after you try to login with your old password you will be prompted to update it.
Reset Password Verification Code
If you requested to reset your password via the login page in one browser (for example, Chrome) but when you click on the link from the email, the opens up in another browser (for example, Firefox), you will see a verification code instead of a reset password page.
If this happens, copy the code and go back to the original browser, and click Enter verification code instead. Then continue to reset your password as usual.
Editor Login Errors
Unable to retrieve OAuth redirected params from storage
- This error can be solved by clearing your browser cache and cookies.
The JWT was issued in the future / The JWT expired before it was issued
- This message appears if there is a discrepancy between your computer's clock and WalkMe's clock. Five minutes is the maximum difference allowed between your clock and WalkMe's. Make sure your computer date and time is accurate for your time zone.
- If your clock is behind WalkMe, you will see: "The JWT expired before it was issued"
- If your clock is ahead of WalkMe, you will see: "The JWT was issued in the future"