In setting up SAML, the customer used an existing department as the department key in UC_SAML_SETTINGS.
The problem with doing this was all of their users were currently set with this department and using LDAP as their login method. No one was yet set up with SAML logins.
The customer also did not know or have access to the credentials for the UC user.
Release : 21.0.x
When the department key is added to UC_SAML_SETTINGS, any existing user associated with that department can ONLY log in via SAML moving forward.
This customer had no other departments defined.
The department specified for SAML must be unique - it cannot be used by any other users, it is only for the SAML logins.
It is supported to have SAML, AE, and LDAP authentication - the key is the department.
For instance, SAML users have the department SSOadmins, LDAP users would have the Domain as the department name, ie LDAP.net, and all other AE logins would have their own departments.
To resolve the above mentioned problem, log into client 0 as an AE user (not the SAML or LDAP department).
Reset UC_SYSTEM_SETTINGS : SAML to N in order to allow users to log in to AWI with their LDAP or Automic user.
If you are unable to log into Automic because all users have been affected by the above change, please open a case with support and we will assist in resetting the value.
To reset this via a SQL statement (no access via UC user) send the following SQL statement (SQL Server only, DBA can adjust for other databases appropriately)
update ovw set ovw_value1 = 'N' where ovw_vvalue = 'SAML' and ovw_oh_idnr in (select oh_idnr from oh where oh_name = 'UC_SYSTEM_SETTINGS')
then restart Automic.
This only happened because all of their users belonged to a single department. When this department was used for the SAML settings, all access for this department could only happen via a SAML login.
Always validate/test the SAML setup in an environment where you have access to either the UC user or another admin user for client 0 that has a different department than is being used for SAML.