Cloud SWG Admin Portal federated with SAML Identity Provider.

One specific user fails to access the Cloud SWG Portal after successfully logging into the SAML Identity Provider.

Instead of seeing the Cloud SWG Portal, this user sees the following page:

After clicking the Cloud SWG 'Web Services Security' link, they are continuously redirected back to 'https://accounts.saas.broadcomcloud.com/cc/noAccount endpoint.

HAR file shows the assertion returned is valid, but browser always redirects user to 'https://accounts.saas.broadcomcloud.com/cc/noAccount'.

Cloud SWG Portal.

SAML Authentication.

Assertion email address returned does not match any emails defined on the Cloud SWG admin page.

Make sure that the Cloud SWG administrator list includes a users with the email address matching what is returned in the SAML Assertion Email field.

User was successfully redirected to login to SAML Identity server as the domain was federated. This does not mean that access to the application is allowed - this requires a user with a matching email address defined in the list of Cloud SWG administrators.