If you are receiving this message upon login: 

============================================================ 
Sorry, we are unable to log you in at this time. The role we received from your identity provider is invalid. Please contact your platform administrator. 
============================================================

The roles attribute being passed in your SAML assertion is not valid or missing. Typically this indicates one of the following issues:

• Spelling error
• The user is not assigned to one of the 'cloudhealth-' role groups within your IDP. These values map back to the IDP name of a Role under Setup -> Admin -> Roles.
• The "roles" attribute name is missing or spelled incorrectly