Users that are Inactive / Locked in SAML will be redirected to LogoutURL vs Error URL.
Steps to Reproduce:
1. Configure Clarity for SAML using Okta, Azure or other IDP's.
2. On the NSA, add a Logout URL, Authentication Error URL.
3. Mark the user inactive/locked in Clarity.
4. Login with the locked user through SSO
Expected Results :- User is Redirected to the Authentication error URL.
Actual Results :- User is redirected to the Logout URL.
Release : Any
This was reviewed as DE68679 (Not a Bug, working as expected)
This is working as designed. If the user passed via SAML is invalid or locked in Clarity we redirect to the logout URL.