Question

Moving to SAML from AD

  • March 19, 2026
  • 1 reply
  • 17 views

nordpil
Enthusiast

Hi all!

In our 2025.2 Flow installation we have had AD synchronization and authentication for quite some time, with some 100+ users and a number of groups. Now we are about to deploy SAML - I am able to get it to work for a new user/role, but if there is an existing user/role there is a collision, and the process fails.

Am I understanding it correctly that I actually have to delete (or at least rename) all users and roles before we can start using SAML fully?

What we see in the logs:

417551 : An error occurred during SAML login: Specified user role already exists.
417551 : An error occurred during SAML login: Non SAML user account "nordpil" already exists. Please contact system administrator for support.


1 reply

zoe.forbes
Safer
  • March 20, 2026

Hi @nordpil,

That’s correct - usernames have to be unique across all users, not just those from the same authentication method. Because of this, we generally recommend setting the username field to “email”.

Something similar was covered in a recent webinar, in the User Management section starting around 4:45. Please let me know if you have any questions about this!
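A pre-flight check for the two errors in the logs above, added here as an example (not Flow's own tooling, nor code from either poster): it takes an export of existing accounts and roles plus the attributes the IdP would assert, and reports which SAML users and groups would collide under a given username mapping. The export format, the attribute names and the case-insensitive comparison are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Account:
    username: str
    source: str  # "AD", "local" or "SAML"


# Constructed stand-ins for the existing user and role lists (hypothetical data).
EXISTING_USERS = [Account("nordpil", "AD"), Account("jdoe", "AD"), Account("admin", "local")]
EXISTING_ROLES = {"fmeadmin", "analysts"}

# Constructed SAML assertions; the attribute names are assumptions.
SAML_USERS = [
    {"sAMAccountName": "nordpil", "email": "nordpil@example.com", "groups": ["analysts"]},
    {"sAMAccountName": "jdoe", "email": "jdoe@example.com", "groups": ["gis"]},
    {"sAMAccountName": "newhire", "email": "newhire@example.com", "groups": ["gis"]},
]


def preflight(users, roles, assertions, username_attr, group_attr="groups"):
    """Return the collisions a SAML login would hit under the given username mapping.

    "users": SAML usernames that already exist as non-SAML accounts (with their source).
    "roles": asserted groups whose names already exist as roles.
    Name comparison is assumed to be case-insensitive, the conservative choice.
    """
    taken = {u.username.lower(): u.source for u in users if u.source != "SAML"}
    role_names = {r.lower() for r in roles}
    user_hits, role_hits = [], set()
    for a in assertions:
        name = a[username_attr]
        if name.lower() in taken:
            user_hits.append((name, taken[name.lower()]))
        role_hits.update(g for g in a.get(group_attr, []) if g.lower() in role_names)
    return {"users": user_hits, "roles": sorted(role_hits)}


if __name__ == "__main__":
    # Compare the two mappings: sAMAccountName collides with the AD accounts, email does not.
    for attr in ("sAMAccountName", "email"):
        print(attr, preflight(EXISTING_USERS, EXISTING_ROLES, SAML_USERS, attr))
```

Role collisions are reported separately because switching the username mapping does not change group names; those still need to be reconciled before go-live.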