Overview
When logging in, an existing tenant member is presented with a screen showing the message Unable to create a team or tenant instead of seeing the Auth0 dashboard of the tenants they are members of.
Applies To
- Dashboard SSO integration
- Dashboard users
- Tenant/Team members
- Admin SAML/OIDC SSO identity
Cause
The values of the claims sent from the identity provider (IdP) for the user, usually the email or Unique User Identifier, were modified on the IdP’s side. The dashboard considers these users with modified property values as new dashboard users and generates new SSO accounts for them with different User_IDs. Since these new accounts were not invited to any teams or tenants, the user sees the screen above.
Solution
Check the identity provider’s side to see if the information sent to Auth0 for the affected user (the email or Unique User Identifier) was changed. If so, roll back to the previous values, and the user should be able to log in with its original accounts. Alternatively, the user can be re-invited to the tenants so they can gain access with the new SSO identity.