AWS SSO not working with teams

I get this when I try to use AWS SSO with cloudflare teams, I even added the user in both teams as well as the AWS users section but I get these error.

I even tried on a second account but same issue 🥲,
In cloudflare access log it shows allowed

This looks like something on the AWS side. It appears to be rejecting your login attempts

Check again your SAML metadata, sometimes a very small mistake can cause the entire login process to fail.

Now I will enable AWS logging so that i can see what’s the errors

It’s correct. The certificate is also imported

Still it’s not working,

I added a user who’s username in AWS matches with [email protected] in cloudflare teams. Still not working.

I removed the external provider from AWS and tried directly with AWS sso and it worked but I don’t why it’s not working with teams

Actually what should match with AWS and cloudflare teams

cloudflare team allowed email before @ should be equal to username of the user in AWS sso


cloudflare team allowed email should be equal to email in AWS SSO

Or cloudflare allowed email should be equal to the email entered in the username of AWS SSO

In username I had only entered the before part of email and not whole email

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.