
Error: Unable to sign in, logins are by invitation only. Please contact the administrator of this web site to access this site

Error Message

While following the instructions in the Configure a SAML-compliant identity provider with your portal documentation for Active Directory Federation Services (AD FS) 2.0 and above, under step 3 of the Configuring your portal with a SAML identity provider header, the following options are available:

  • Allow users to join the organization automatically, or
  • Allow users to join the organization only after accounts to the portal are added

When the second option is selected, the following error message is sometimes returned.

Error:
Unable to sign in, logins are by invitation only. Please contact the administrator of this web site to access this site.

Cause

This happens if the Lightweight Directory Access Protocol (LDAP) Attributes are mapped to Outgoing Claim Types incorrectly.

For example, the error message is returned if the User-Principal-Name (UPN) attribute is mapped to the Name ID Outgoing Claim Type, and the UPN username entered when adding the member to the Portal is incorrect.

The error message is also returned if other components like the first name and last name are provided incorrectly while adding the Portal member.

Solution or Workaround

Provide the UPN and other attributes as set in the AD FS Server.

To find the correct UPN, launch the command prompt on any computer within the same network as the AD FS Server and run the command 'whoami /upn'. This lists the UPN of the logged-in user.
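To see which field is out of step, the following added example (not part of the original article or of the portal software) reads the Name ID, given name and surname claims from a SAML assertion and compares them with the member record that was pre-created in the portal. The sample assertion, the member field names (username, first_name, last_name) and the exact-string comparison are assumptions of this example; it only reads claims for troubleshooting and does not verify the assertion signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"

# Constructed sample assertion (not captured from a real AD FS server).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>jsmith@corp.example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
      <saml:AttributeValue>John</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
      <saml:AttributeValue>Smith</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def issued_claims(assertion_xml):
    """Return the NameID and attribute claims carried by a SAML 2.0 assertion."""
    root = ET.fromstring(assertion_xml)
    # ".//" lets the same path work whether the root is the Assertion or a Response.
    claims = {"nameid": root.findtext(".//saml:Subject/saml:NameID", "", NS).strip()}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        short = attr.get("Name", "").replace(CLAIMS, "")
        claims[short] = attr.findtext("saml:AttributeValue", "", NS).strip()
    return claims

def mismatches(claims, member):
    """List the fields where the pre-created member differs from the claims."""
    # Hypothetical member field names mapped to the claim each must equal.
    pairs = [("username", "nameid"), ("first_name", "givenname"), ("last_name", "surname")]
    return [
        f"{field}: portal has {member.get(field)!r}, AD FS sends {claims.get(claim)!r}"
        for field, claim in pairs
        if member.get(field) != claims.get(claim)
    ]

if __name__ == "__main__":
    # Constructed member record with the wrong UPN suffix, as an administrator might type it.
    member = {"username": "jsmith@example.com", "first_name": "John", "last_name": "Smith"}
    for line in mismatches(issued_claims(SAMPLE_ASSERTION), member):
        print(line)
```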
