Answers Splash Image

Common Issues: Single Sign On

Here are some of the common issues with Single Sign On and their most common solutions:

Invalid login credentials

Problem: User sees an error message of "Invalid login credentials."

This is a general log-in error. It could mean any of the following:

  • Incorrect username or password. Students may request a new password at
  • Expired account: CruNet accounts will expire a couple of months after a student is no longer a current student. If the student is not taking courses this term, he or she should log-in with Student ID and password, rather than CruNet.

Whoops! You need a new password.

Problem: Student receives an error message that reads, "Whoops! You need a new password."

Solution: This just means that the student is forced to change their password on the next logon. We do this for all newly created accounts. This can be accomplished by clicking on the link on the error page or by logging in to any campus computer.

Failed to login with identity provider

Problem: Student, faculty, or staff receives an error message that reads, "Failed to login with identity provider. [Error during processing (Object reference not set to an instance of an object.)]."

Solution: This is a myCampus error. The student logged in successfully to Single Sign On, but myCampus cannot locate them. It means that the ID attribute is not set or not set correctly in Active Directory. This problem requires a technician to add the correct ID number to the employeeID attribute in Active Directory.

Invalid Email

Problem: When trying to access SaderMail, the student receives an error, "Invalid Email. We are unable to process your request at this time, please try again later."

This is a Google error. It means that the student was able to log in successfully with Single Sign On, but Google was unable to locate the matching account. Here are the details:

  • If it is a current student, there is most likely a mismatch between the mail attribute in Active Directory and the username in Google. This will require escalation to a technician. It is important that the mail attribute in AD is the same as the student's SaderMail address (not an alias in Google), and that their sAMAccountName matches the first part of that address.
  • If it is a former student, this is most likely a problem with the mhb_email_accts table in EX. It will require escalation to the Applications Manager. The value in USRDZU must be the same as the first part of their SaderMail account name (not an alias). If the user is, the table should show aostudent in USRDZU.