When logging in, an existing tenant member is presented with the following screen instead of the expected Auth0 Dashboard tenants:

Unable to create a team or tenant

• Dashboard Single Sign-On (SSO) integration
• Dashboard users
• Tenant/Team members
• Admin Security Assertion Markup Language (SAML)/OpenID Connect SSO identity

One of the following causes applies to this issue:

• Modified Identity Provider (IdP) Claims

  • The claims sent from the IdP for the user, such as the email or Unique User Identifier, were modified on the IdP side. The dashboard treats users with modified property values as new users and generates new SSO accounts with different User IDs. These new accounts do not have invitations to any teams or tenants.

• Missing Tenant Invitation

The user has not been invited to any tenants. This occurs if:

• • The user accepted a tenant invitation while logged in with a session linked to a non-SSO account. As a result, the old account is linked to the tenant instead of the SSO account.

  • The user attempts to log in with an old account.

Follow the steps below to resolve the issue based on the cause.

Verify Identity Provider Claims

1. Check the IdP settings to determine if the information sent to Auth0 for the affected user (email or Unique User Identifier) changed.

2. If the values changed, roll back to the previous values. The user can then log in with the original account.

3. Alternatively, re-invite the user to the tenants to grant access to the new SSO identity.

Reset User Invitation

1. Log out of the Auth0 Dashboard completely.

2. Resend the tenant invitation email.

3. Ensure the user logs in with the SSO account and accepts the invitation.

4. Log in with the SSO account.

For instructions on how to re-invite tenant members, please refer to the following knowledge base article: Configure Single Sign On for Auth0 Dashboard: Migrate Tenant Members