Login IdP "not able to find SAML configuration ..."

After logging in at the IdP in any Zivver client, a user gets this error:

“error”: “We were not able to find a SAML configuration that belongs to the subject with email address [**@**.com]. Make sure this is the correct email address you’re trying to log in with. Please make sure it exists within Zivver and that the SAML configuration is set up properly for issuer https://sts.windows.net/487e3a96-1702-4135-abfd-69dee173f2b5/.”

Cause

The email address that was used to create the Zivver account is different from the User Principal Name (UPN) in Entra ID. This is usually the case when both of the following are true:

  • The Zivver accounts are created from Active Directory (AD) on-premise.
  • The primary email address in AD on-premise is not the same as the UPN in Entra ID for that user.

Solutions

Solution 1

Use user.mail as the Unique User Identifier in the SSO setup in Entra ID instead of user.userprincipalname.

Solution 2

Use the AD Connect Tool to sync mail (user) [String] from AD on-premise. Do this in the same way as you sync objectGUID, but without the transformation in the Synchronization Rules Editor. Use user.mail (extension_<extensionID>_mail) as the Unique User Identifier in the SSO setup in Entra ID instead of user.userprincipalname.

Remarks

Apply Solution 2 if user.mail does not contain the appropriate value. With Solution 2, you synchronize the exact same string from the mail attribute in AD on-premise to Entra ID.
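
To confirm which identifier the IdP actually sends, decode the SAMLResponse from a failing login and compare its NameID (the Unique User Identifier) and Issuer with the email address of the Zivver account. The script below is an added example, not Zivver or Microsoft code; the sample response, the placeholder tenant ID, the addresses and the case-insensitive comparison are assumptions.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def subject_and_issuer(saml_response_b64):
    """Extract (NameID, Issuer) from a base64 SAMLResponse (HTTP-POST binding).

    Diagnostic only: no signature validation, so never use it to authenticate.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no plaintext Assertion (encrypted or malformed response)")
    name_id = assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS)
    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS)
    return name_id.strip(), issuer.strip()

def diagnose(saml_response_b64, account_emails):
    """Report whether the asserted NameID matches a known account email."""
    name_id, issuer = subject_and_issuer(saml_response_b64)
    # Assumption: the account lookup compares the full address case-insensitively.
    known = {e.casefold() for e in account_emails}
    return {"name_id": name_id, "issuer": issuer,
            "matches_account": name_id.casefold() in known}

def build_sample(name_id):
    """Constructed, unsigned sample response; tenant ID and addresses are placeholders."""
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        '<saml:Assertion>'
        '<saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>'
        f'<saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>'
        '</saml:Assertion></samlp:Response>'
    )
    return base64.b64encode(xml.encode()).decode()

ACCOUNTS = {"jane.doe@example.com"}               # constructed: email the account was created with
UPN_CASE = build_sample("jdoe@corp.example")      # IdP sends user.userprincipalname
MAIL_CASE = build_sample("Jane.Doe@example.com")  # IdP sends user.mail

if __name__ == "__main__":
    for label, resp in (("UPN as NameID", UPN_CASE), ("mail as NameID", MAIL_CASE)):
        print(label, diagnose(resp, ACCOUNTS))
```

A result with matches_account set to False reproduces the condition described under Cause: the NameID carries the UPN while the account was created with the mail address.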