Page Access denied: Invalid User or Tenant
search cancel

Page Access denied: Invalid User or Tenant

book

Article ID: 173385

calendar_today

Updated On:

Products

CASB Security Standard CASB Security Premium CASB Security Advanced CASB Gateway CASB Gateway Advanced CASB Securlet SAAS

Issue/Introduction

Unable to access SaaS sites with CASB Gatelets enabled.

Page access denied: Invalid user or Tenant for unknown [email protected].

Or Domain OR Workstation \ Userid  is listed.

Or no user is listed.

 

Page redirect may not display if CloudSWG has ICAP trickling enabled.  The SaaS will not load properly.

 

Environment

  1. If there is a user in the error page, please make sure that the user:
    1. can be found in CASB User/users list
    2. the user is active in CASB

  2. If this is CASB Proxy Chaining, make sure the following are enabled in BOP by CASB Support:
    1. User Signaling (Agentless)
    2. Unauthorized User as Guest

Cause

No Guest user in CloudSOC.

Resolution

In CloudSOC, Users page:

  1. Create the user "guest".
  2. Give that user an email address of [email protected]. (example.com is the primary domain in CASB) 

If no user is reported, but the invalid user or tenant exists.  Verify that SWG (formerly WSS) is not bypassing authentication.

If the Invalid User or Tenant reports a user as  Domain OR Workstation \ Userid  verify that the User has a SecondaryID in CloudSOC.

 

 

Additional Information

If ICAP trickling is enabled and the page access denied message is not present.  Check for a 302 in the browser har file.  Open a case with support a fix is available as required.

Powered by Wolken Software