cancel
Showing results for 
Search instead for 
Did you mean: 

User from Trusted Domain is not able to login using SSO

Anonymous
Not applicable
Hi, I have two Trusted domains (DomainA and DomainB) that are not from same forest. BP App server is configured with DomainA and AD groups from DomainA. There is a user from DomainB that is member of one such DomainA group. Though users from DomainA are able to get in to BP via SSO. User from DomainB is getting error like ' System.Exception: The user DomainB\UserJoe is not a member of the DomainA domain€™ FYI, App Server is using SQL Auth to connect to DB. Any idea what the issue would be. Thanks and Regards, Akshay
2 REPLIES 2

TetsujiJunicho
Level 9
Hi I suppose the users must reside within a trusted domain within the common Active Directory Forest. Refer to the releae note: https://portal.blueprism.com/blue-prism-5024-available-now ""The Blue Prism Single Sign-on capability has been extended to allow users that reside within a trusted domain within the common Active Directory Forest to be assigned Blue Prism access and permissions.

Carol.Ouellet
Level 5
Hello I just went through a login issue with trusted domains. DomainA and DomainB are trusted but in different Forests. DomainA is my app server and SQL server while all my AD groups and users are in DomainB. We simply made the Blue Prism server service log on as a service account from the DomainB. Then it was querying the right global catalog for authentication. To be able to log the service as a different AD, you have to add that user in the group policy: Log on as a server within Local Policies/User rights Assignment. Not sure if this could apply to the above issue somehow. If there is only one user, just change your AD groups of domain. If multiple users in A and one in B, maybe there is a way for user in domain B to run blueprism as a domain A user from the command prompt or Powershell. ex: runas /user:domaina\user automate.exe What is strange is that when we install blueprism, it recognizes all the users from the start, I think Blue Prism should review their query method to not only check the current forest catalogue on start. Carol