Secondary Signing in Using an External IdP SAML Fails
Single Sign-On
Okta Identity Engine
Overview

After an initial successful sign-in through an external SAML Identity Provider (IdP) with Just-in-Time (JIT) authentication, the second sign-in by the same user fails with the error:

400 Login Failed

  • Error message on the user interface:

400: Bad Request Error Code: GENERAL_NONSUCCESS

  • System Log error:

Unable To JIT

Applies To
  • Identity Provider (IdP)
  • Security Assertion Markup Language (SAML)
Cause

An external SAML IdP requires either the Persistent Name ID or the Account link policy to be checked in its configuration.

Solution

Check the Persistent Name ID or the Account link policy in the external SAML IdP configuration.
