KB: SSO Login Fails Due to Incorrect Identity Provider Entity ID

SSO sign-in blocked despite successful test

When users attempt to sign in using SSO, the login fails with the error message “Unexpected error occurred: Incorrect Identity Provider settings.” This can occur even when administrators run Test Sign On from the Company Dashboard authentication page and the test completes successfully. In some cases, the issue affects only users from a specific Altium Organization, while users in other Organizations under the same Company Account can still sign in normally.

Organization-specific Entity ID mismatch

This error occurs when the Identity Service (IDS) identifies the user as belonging to one Altium Organization, but the SAML assertion generated by the IdP targets a different Organization. In practice, this most commonly happens when the Entity ID configured in the IdP application does not match the current Entity ID displayed for the affected Organization in the Company Dashboard Authentication page under the Altium metadata configuration section.

A successful Test Sign On only validates SAML connectivity and metadata exchange. It does not fully validate that every user is mapped to the correct Altium Organization or that the correct Organization-specific Entity ID is used during the sign-in flow. If your Company Account contains multiple Altium Organizations, each Organization uses its own GUID-suffixed Entity ID. Reusing an Entity ID from another Organization, or using an outdated value, can cause this login failure.

Use the correct Organization Entity ID

• Identify the current Entity ID for the affected Organization in the Company Dashboard Authentication page.
• Ensure the IdP application configuration uses this exact Organization-specific, GUID-suffixed Entity ID.
• Avoid re-importing old or previously exported SAML metadata into the IdP if it contains an outdated Entity ID, as this can reintroduce the mismatch.

Update the Identity Provider configuration

1. Sign in to your AltiumLive account.
2. Open the Company Dashboard and navigate to Authentication, then locate the SSO configuration for the affected Altium Organization.
3. In the Altium metadata configuration section, locate the Organization’s current Entity ID.
4. If required, generate a new Entity ID for the Organization, or copy the latest displayed value.
5. Open the SSO application configuration in your Identity Provider.
6. Replace the existing Entity ID in the IdP with the current Entity ID from the Company Dashboard.
7. Save the configuration changes.
8. Have an affected user attempt to sign in again using SSO.

For visual guidance, including screenshots showing where to find the Entity ID in the Company Dashboard and how it appears in common Identity Provider configurations, refer to the official documentation Configuring Sign-in Authentication | Company Dashboard. This documentation contains screenshots and step-by-step examples for the Altium metadata configuration and Identity Provider integration.

Additional Notes

If your company has multiple Altium Organizations under the same Altium Account, a single SSO Identity Provider can be used for all Organizations. Each Organization must use its own GUID-suffixed Entity ID, and each Entity ID must be correctly mapped to the corresponding SSO application within the Identity Provider.

References

• Altium Dashboard: Configuring Sign-in Authentication
  • Identity Provider Integration Examples 
  • Multiple Organizations with one SSO Provider