Ocassionaly, users working with SAML/SSO authentication may find that their login method becomes broken or posts an error due to changes made within the team's IdP. In order to provide a quick and effective workaround, the solution below is presented with both a Quick Walkthrough and a Detailed Walkthrough to ensure that users are able to locate any details they need while repairing their account access. Please note that this solution is only available to teams who have turned off SAML/SSO Enforcement for their Roadmunk account.
Repairing SAML/SSO Authentication - Quick Walkthrough
1. Setting Up Temporary Local Credentials (1 minute)
- Navigate to the Forgot Password page (https://login.roadmunk.com/forgot-password)
- Enter your email into the text box and click Reset
- An email will be delivered to you - click the Reset your Password button in the email
- Enter your password twice, then click the Set Password button to regain access
2. Updating the Invalid SSO Option (2 minutes)
- Navigate to the Security tab in your Account Settings menu
- Click the Delete button for the SSO option under Authentication Methods
- Select the + Login Method button and choose SSO from the list to re-add this login method
- A popup should appear to validate your SSO option - you may be required to login to your IdP
- If completed correctly, the SSO option should repopulate under Authentication Methods
3. Removing the Temporary Local Credentials (30 seconds)
- Remain in the Security tab in your Account Settings menu
- From Authentication Methods list, click the Delete button for the password option
- If completed correctly, the password option should be removed from Authentication Methods
Repairing SAML/SSO Authentication - Detailed Walkthrough
Step 1 - Requesting Local Authentication
If you're running into errors while attempting to access Roadmunk from your IdP's single sign-on, you will be able to now navigate to the Forgot Password page (https://login.roadmunk.com/forgot-password) and request to bypass this by using local authentication (email address & password).
Once your correct email address has been entered and you've clicked Reset, a local authentication method will be generated on your account and an email will be dispatched to your email on file so that you can setup your password. The email should be dispatched immediately; however, if the email doesn't arrive within 3-4 minutes, please make sure to keep an eye on your Spam or Junk Email folders in case the email was flagged by your provider.
Step 2 - Setting Up Local Authentication
In the email delivered to you from email@example.com, click on the Reset Password button to be directed to a page on Roadmunk where you can setup a temporary password for your account. The password will have to comply with your team's password length settings (the default is typically 25 on Enterprise Strength), as covered in our Manage Password Strength Requirements article on our knowledge base.
To commit these changes, make sure that the passwords entered in both boxes match and click on the Set Password button to continue. If this has been completed successfully, you will be brought into the Roadmaps module homepage on your team's Roadmunk account.
Step 3 - Re-Attaching SAML
Now that the account is accessible once more, we will take the steps needed to re-validate your SAML Single Sign-On option. In order to begin, click on your avatar in the bottom-left corner of the screen and navigate to Account Settings :: Security. Under the Authentication Methods list on this page, you will see two active login methods: one listed as SSO and one listed as password. Click on the delete button, highlighted in the screenshot below, to remove the invalid SSO authentication method from your profile.
Once this has been completed, you may be logged out. If so, please log in again using your email and password, then navigate once more to the Security tab by following the path listed above. On returning to this tab, you should see that your SSO authentication method has been removed and that you only have the option to use password. To re-attach your single sign-on method, click on the + Login Method button in the top-right corner of the list and select SSO from the drop-down (shown below). If done correctly, a popup should appear to validate your login method and an option for SSO should appear under your Authentication Methods list.
Step 4 - Removing Local Authentication
Once this has been completed, you may be logged out. If so, please log in again using your email and password, then navigate once more to the Security tab by following the path listed above. Under the Authentication Methods list on the page, you will see both login methods that we've worked with during this solution. Click on the delete button beside the password option, highlighted in the screenshot below, to remove the temporary password authentication method from your profile.
Once this has been completed, you should be able to successfully login to Roadmunk using your Single Sign-On option.