When setting up Single Sign-On (SSO) with TitanFile using SAML (e.g., via Azure AD or other IdPs), two common configuration issues can lead to login failures:
1. User Principal Name (UPN) ≠ Email Address
The Problem:
Many assume the User Principal Name (UPN) is identical to the user's email address. In Azure AD and some other identity providers, this is not always the case.
Why It Matters:
If TitanFile is configured to authenticate users by UPN, but users attempt to sign in with their email address (or vice versa), authentication may fail.
Solution:
Confirm whether your IdP is sending the correct identifier in the SAML assertion. If needed, update your IdP to send the UPN or email — whichever matches the expected value on the TitanFile side.
2. URL Mismatch – Missing Trailing Slash ( / )
The Problem:
The Assertion Consumer Service (ACS) and Metadata URLs used in SSO must match exactly between TitanFile and your IdP — including the trailing slash.
Why It Matters:
Omitting the trailing slash (/) from the URLs can cause the IdP to reject the request or result in SAML assertion errors.
Expected TitanFile URLs:
- Metadata URL: https://<subdomain>.titanfile.com/saml/metadata/
- ACS (Assertion Consumer Service) URL: https://<subdomain>.titanfile.com/saml/acs/
Solution:
When configuring SSO in your IdP, ensure both URLs include the trailing slash exactly as shown above.
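
A diagnostic for both issues above, as an added example that is not TitanFile's or any IdP's own tooling: it decodes a captured SAMLResponse and reports which identifier the NameID carries and whether the Destination and Recipient URLs match the expected ACS URL exactly. The function name `diagnose`, the `example` subdomain, the sample identities and the assumption that the service provider matches on the Subject NameID are all illustrative.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: the IdP sends the UPN and an ACS URL without the trailing slash.
# "example" is a placeholder subdomain; both identities are made up.
SAMPLE = base64.b64encode(b"""<samlp:Response
 xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 Destination="https://example.titanfile.com/saml/acs">
 <saml:Assertion><saml:Subject>
  <saml:NameID>jdoe@corp.example</saml:NameID>
  <saml:SubjectConfirmation><saml:SubjectConfirmationData
   Recipient="https://example.titanfile.com/saml/acs"/></saml:SubjectConfirmation>
 </saml:Subject></saml:Assertion></samlp:Response>""")

def diagnose(response_b64, expected_acs, upn, email, sp_matches_on):
    """List mismatches in a captured base64 SAMLResponse (diagnostic only:
    no signature check, so never use this for an authentication decision).
    sp_matches_on is "upn" or "email", whichever the service provider expects."""
    root = ET.fromstring(base64.b64decode(response_b64))
    findings = []
    # Issue 1: which identifier did the IdP actually put in NameID?
    name_id = root.findtext(".//saml:Subject/saml:NameID", "", NS).strip()
    expected_id = upn if sp_matches_on == "upn" else email
    if name_id.lower() != expected_id.lower():
        known = {upn.lower(): "upn", email.lower(): "email"}
        sent = known.get(name_id.lower(), "an unrecognised value")
        findings.append(f"NameID carries {sent} ({name_id}); SP expects {sp_matches_on}")
    # Issue 2: the ACS URL must match exactly, trailing slash included.
    urls = {"Destination": root.get("Destination")}
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    if scd is not None:
        urls["Recipient"] = scd.get("Recipient")
    for attr, url in urls.items():
        if url is None or url == expected_acs:
            continue
        if url.rstrip("/") == expected_acs.rstrip("/"):
            findings.append(f"{attr} differs only by the trailing slash: {url}")
        else:
            findings.append(f"{attr} does not match the expected ACS URL: {url}")
    return findings

if __name__ == "__main__":
    for line in diagnose(SAMPLE, "https://example.titanfile.com/saml/acs/",
                         "jdoe@corp.example", "jane.doe@example.com", "email"):
        print(line)
```

An empty list means the NameID and both URLs line up with what the service provider expects.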