New AD users cannot log in to ServiceNow instance with SSO: ERROR *** *** Script: User: [Username] not found


Description

Cause

Once a user has successfully authenticated at the identity provider, the last step in the login process is to identify that user in the sys_user table: the value of the SAML subject (the NameID, logged as subjectUserName) is looked up in the sys_user column named by the 'User Field' setting in the advanced section of the Identity Provider record. On this occasion the assertion carried a valid user name, but the instance was trying to match it against the email address. Because the user name did not match any email address, the user was not found. The 'User Field' must correspond to what the identity provider actually sends: match a user name against 'user_name', or an email address against 'email', so the values can match. Whichever field is chosen should also be unique in sys_user and populated for every SSO user, otherwise the lookup either fails or resolves to the wrong account.

Resolution

From the logs it was identified that the subjectUserName in the assertion was a user name, but the 'User Field' on the Identity Provider record was set to 'email', so no match was possible.

To resolve the issue, navigate to the advanced section of the Identity Provider record and change the 'User Field' from 'email' to 'user_name', so that it matches the attribute the identity provider sends in the NameID.
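The following is an added example written for this article, not ServiceNow's own SAML script. It models the lookup described in the Cause and Resolution sections: the NameID is pulled out of a SAML Response and then looked up in a sys_user table on the column named by the 'User Field'. The SAML fragment, the sys_user rows (jdoe, asmith, example.com addresses) and the helper names extractNameId, lookupUser, authenticate and suggestUserField are all constructed for the demonstration; the exact-match comparison is an assumption, since the real lookup may normalise case.

```javascript
// Added example (not ServiceNow code): how the 'User Field' on the
// Identity Provider record decides whether the SAML subject resolves
// to a sys_user row. All data below is constructed for the demonstration.

// Constructed SAML Response fragment; only the NameID matters here.
const SAML_RESPONSE = `<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jdoe</saml:NameID>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>`;

// Constructed stand-in for the sys_user table (hypothetical rows).
const SYS_USER = [
  { sys_id: '001', user_name: 'jdoe',   email: 'john.doe@example.com',    active: true },
  { sys_id: '002', user_name: 'asmith', email: 'alice.smith@example.com', active: true },
];

// Pull the subject's NameID out of the assertion (the value the instance
// logs as subjectUserName). A regex is enough for this constructed input;
// production code should use a namespace-aware XML parser.
function extractNameId(xml) {
  const m = /<(?:[\w-]+:)?NameID\b[^>]*>([^<]*)<\/(?:[\w-]+:)?NameID>/.exec(xml);
  return m ? m[1].trim() : null;
}

// Last step of SSO login: look the subject up in sys_user on the column
// named by the IdP record's 'User Field'. Exact match on active users
// (assumption of this example; the real lookup may normalise case).
function lookupUser(subjectUserName, userField) {
  return SYS_USER.find(u => u.active && u[userField] === subjectUserName) || null;
}

// End to end: parse the assertion, then resolve the user. The error
// string follows the shape of the log line in the article title.
function authenticate(xml, userField) {
  const nameId = extractNameId(xml);
  if (!nameId) return { ok: false, error: 'No NameID in assertion' };
  const user = lookupUser(nameId, userField);
  if (!user) return { ok: false, error: `User: ${nameId} not found` };
  return { ok: true, sys_id: user.sys_id, user_name: user.user_name };
}

// Troubleshooting helper: given the subjectUserName from the log, list
// which sys_user columns actually hold that value, i.e. which
// 'User Field' setting would have worked.
function suggestUserField(subjectUserName, candidates = ['user_name', 'email']) {
  return candidates.filter(f => SYS_USER.some(u => u[f] === subjectUserName));
}

// Misconfigured: NameID is a user name but 'User Field' is 'email'.
console.log(authenticate(SAML_RESPONSE, 'email'));
// Corrected: 'User Field' is 'user_name'.
console.log(authenticate(SAML_RESPONSE, 'user_name'));
console.log('sys_user fields matching the subject:', suggestUserField('jdoe'));
```

Run with node. The first call reproduces the "User: jdoe not found" failure from the article, the second succeeds after the 'User Field' is corrected, and suggestUserField shows the quick check to run when the log names a subject that exists in sys_user but still cannot log in: find the column that actually contains the logged subjectUserName and point 'User Field' at it.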