If an admin user attempts to log into the Smallstep Dashboard using SSO through an IdP, they may encounter a 401 Unauthorized Error, which prevents access.

Try the following known resolution steps:

  • In the IdP's Smallstep app settings (Azure, Google Workspace, Okta), check the user's information for simple errors like:
    • Is the email address casing mixed or uppercase?
      • When syncing between an IdP and Smallstep, email addresses are compared case-sensitively: Bob.User@company.com is different from bob.user@company.com. If the identity provider record was set up with an email containing uppercase letters, the Smallstep Dashboard user email case will need to match, or the user's email needs to be made lowercase in the IdP.
    • Is the email address spelled correctly?
      • This simple oversight has happened, especially if this is a new user added to the IdP.
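
Both checks above can be run across a whole user list at once. The following is an added example, not Smallstep tooling: it assumes you have copied the email addresses out of the IdP and out of the Smallstep Dashboard into two lists. The function name `audit_emails`, the similarity cutoff, and the sample addresses are constructed for illustration.

```python
import difflib

# Constructed sample data: addresses as they appear in each system.
IDP_EMAILS = ["Bob.User@company.com", "alice.admin@company.com",
              "carol.ops@compnay.com", "dave.new@company.com"]
DASHBOARD_EMAILS = ["bob.user@company.com", "alice.admin@company.com",
                    "carol.ops@company.com"]

def audit_emails(idp_emails, dashboard_emails, typo_cutoff=0.9):
    """Classify each IdP email against the dashboard's user list.

    Returns {idp_email: (status, dashboard_email_or_None)}; status is one of
    'match', 'case_mismatch', 'possible_typo', 'missing'. Report only: the
    record still has to be corrected by hand in the IdP or the dashboard.
    """
    exact = set(dashboard_emails)
    by_lower = {e.lower(): e for e in dashboard_emails}
    report = {}
    for email in idp_emails:
        email = email.strip()
        lowered = email.lower()
        if email in exact:
            # Byte-for-byte identical, so SSO matching should succeed.
            report[email] = ("match", email)
        elif lowered in by_lower:
            # Same address, different casing: the first check in the list.
            report[email] = ("case_mismatch", by_lower[lowered])
        else:
            # Near miss against a known user suggests a spelling error.
            close = difflib.get_close_matches(
                lowered, list(by_lower), n=1, cutoff=typo_cutoff)
            if close:
                report[email] = ("possible_typo", by_lower[close[0]])
            else:
                report[email] = ("missing", None)
    return report

if __name__ == "__main__":
    for idp_email, (status, dash_email) in audit_emails(
            IDP_EMAILS, DASHBOARD_EMAILS).items():
        print(f"{status:14} idp={idp_email} dashboard={dash_email}")
```

A `possible_typo` result is only a hint for a human to review; treat the two addresses as different users until the record is corrected.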