
User16339976601819460220 (Customer) asked a question.
I think it might be an Okta internal bug.
There are two Okta servers. One server works as an external IdP; the other server has an application that the user uses.
If the username in the external IdP has the email format, it works as expected. It creates the same user account in the main server, and the users can keep accessing the main server with the external SAML assertion.
But if the username in the external IdP doesn't have the email format, these users can't log in even though the user accounts were created at the first attempt. So users can log in only the first time.
From the second attempt to log in,
UI shows:
Login Failed
400: Bad Request Error Code: GENERAL_NONSUCCESS
And this error message was found in the System Log:
ErrorMessage = > with the following validation errors: login field failed validation with value 'test.test11': An object with this field already exists in the current organization.
Does anyone know why only users with a non-email-format username can't log in?

Hello @User16339976601819460220 (Customer), thank you for reaching out to our Community!
Users that do not have an email format can sign in; however, if the user has testuser1@domain.com and there is another user with testuser1@company.com, then in this case the user cannot use testuser1 to sign in because the system does not know which user to authenticate.
The error provided indicates that the username already exists, and because of that the sign-in fails.
Hope this helps and if this answered your question, please mark this as Best Answer!