Troubleshooting

Single Sign-On for a Box user can fail due to configuration issues on Ivanti Connect Secure, Box Service Provider, Ivanti Secure Access Client or Pulse Workspace.

To troubleshoot issues with Single Sign-On:

•On Ivanti Connect Secure, under Maintenance > Troubleshooting, enable the event codes – “saml, auth” at level “50” and collect debug logs. Enable Policy Tracing and capture the Policy traces for the specific user.

•Check System > Log/Monitoring > User Access > Log for SAML AuthNRequest and Response for the specific user. Verify if Subject Name is proper in the SAML Response.

•On mobile device, open Ivanti Secure Access Client and Send Logs to your administrator.

•If user receives ‘Invalid login credentials’ error while trying to do SSO with Box account even though Ivanti Connect Secure successfully sent SAML response, this could be an issue with SAML Configuration on Box SP (if Box configuration mentioned in last step of the details to be filled in the form for filing a request to set up SSO is not done). Box SP looks for the ‘emailaddress’ attribute in SAML Assertion. Ivanti Connect Secure sends email property in SAML_SUBJECT. To resolve this issue, SP should be configured to look for SAML_SUBJECT attribute in SAML Assertion. Submit a request with Box support for this configuration change.