This article addresses a Single Sign-On (SSO) login error code that may appear in the login URL when integrating SendGrid with Okta. The URL may look similar to the following:
login.sendgrid.com/login/identifier?redirect_to=%2Fssologin%3Ferror%3Dsso-error%26error_code%3D4000
- Security Assertion Markup Language (SAML)
- Single Sign-On (SSO)
- The SendGrid integration does not recognize existing users as part of the SSO Teammate group, and even the Admin will be included in the Password Teammate group.
- The Okta metadata values on the SendGrid side do not match the values on the Okta side.
Scenario 1
The resolution process involves making changes on SendGrid's side after fully configuring the integration.
- Navigate to the Twilio SendGrid platform.
- Look for Teammates in the left-side menu.
- Identify if the users are part of the Password Teammate group or the SSO Teammate group.
- If the user already exists in the Password Teammate group, the user's profile must be deleted and then added back to the SSO Teammate group.
If there is only one account available with admin roles, there are two options:
- Provide admin rights to another user, have the initial admin removed, and then add them to the SSO Teammates group.
- Create another user with admin privileges.
- This account can be used as a backup or deleted after the original admin is added to the SSO Teammates group.
Scenario 2
Retrieve the Okta metadata values for the SendGrid application from the Okta Admin Console. They are located on the Sign On tab, either in the SAML settings or in the View SAML setup instructions document.
- Ensure that the SAML Issuer ID and the Embedded Link found on the Okta side match the values that were inserted on the SendGrid side.
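The check in Scenario 2 can be scripted. The following is an added example, not part of the original article or of any Okta or SendGrid tooling: it extracts the error code from the login URL shown at the top and reports why a value copied to SendGrid differs from the one in Okta. The function names and the sample values under `idp.example.com` are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

def sso_error_from_url(login_url):
    """Return (error, error_code) carried in redirect_to, or None if absent."""
    if "://" not in login_url:
        login_url = "https://" + login_url
    outer = parse_qs(urlsplit(login_url).query)      # parse_qs percent-decodes values
    redirect = outer.get("redirect_to", [""])[0]
    inner = parse_qs(urlsplit(redirect).query)
    if "error_code" not in inner:
        return None
    return inner.get("error", [""])[0], inner["error_code"][0]

def explain_mismatch(okta_value, sendgrid_value):
    """Return None when the values are identical, else a short reason."""
    if okta_value == sendgrid_value:
        return None
    a, b = okta_value.strip(), sendgrid_value.strip()
    if a == b:
        return "leading or trailing whitespace"
    if a.rstrip("/") == b.rstrip("/"):
        return "trailing slash"
    if a.lower() == b.lower():
        return "letter case"
    if urlsplit(a).netloc.lower() != urlsplit(b).netloc.lower():
        return "different host"
    return "different value"

def compare_settings(okta, sendgrid):
    """Map each differing field to its reason; an empty dict means all match."""
    result = {}
    for field in ("SAML Issuer ID", "Embedded Link"):
        reason = explain_mismatch(okta.get(field, ""), sendgrid.get(field, ""))
        if reason:
            result[field] = reason
    return result

# Constructed sample values; paste the real ones from each console instead.
OKTA_SIDE = {"SAML Issuer ID": "https://idp.example.com/issuer/EXAMPLE",
             "Embedded Link": "https://idp.example.com/home/app/EXAMPLE"}
SENDGRID_SIDE = {"SAML Issuer ID": "https://idp.example.com/issuer/EXAMPLE ",
                 "Embedded Link": "https://other.example.com/home/app/EXAMPLE"}

if __name__ == "__main__":
    url = ("login.sendgrid.com/login/identifier?redirect_to="
           "%2Fssologin%3Ferror%3Dsso-error%26error_code%3D4000")
    print(sso_error_from_url(url))
    print(compare_settings(OKTA_SIDE, SENDGRID_SIDE))
```

An empty result from `compare_settings` means both fields match exactly; any other result names the field to re-enter on the SendGrid side.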
