Passwordless doesn't work with SAML 2

Passwordless is great and I’m trying to use it as SSO to the AWS console, following these instructions: https://auth0.com/docs/integrations/aws/sso

Once I configured the application to have only the ‘Passwordless Email’ connection, I got this error:

 "connection": "email",
 "error": {
      "message": "no email or no verification_code provided",
      "oauthError": "access_denied",
      "type": "oauth-authorization"
 }

When I look at the request in the browser, it says Status Code 404 on the request to https://DOMAIN/user/ssodata

But if I enable ‘Username-Password-Authentication’ in the application, when I reach the Identity Provider URL, like https://DOMAIN/samlp/CLIENT_ID, the Auth0 login widget displays normally.

Could you please help me? I really need this feature. Thanks 🙂

Hi @monchai_tra,

Thank you for posting in Auth0 Community and I apologize for the huge delay.

Are you still getting this error?

Could you try to change the from email address in the email template? You should have more control over the email domain and domain verification process. If you use the default Auth0 email (example@auth0.com), it will not be possible to verify.

The error message (Message: Email address is not verified) is originating from AWS SES. This happens if you are using AWS SES sandbox. According to AWS documentation:

Email address is not verified. The following identities failed the check in region region: identity1, identity2, identity3—You are trying to send email from an email address or domain that you have not verified with Amazon SES. This error could apply to the “From”, “Source”, “Sender”, or “Return-Path” address. If your account is still in the Amazon SES sandbox, you also must verify every recipient email address except for the recipients provided by the Amazon SES mailbox simulator. If Amazon SES is not able to show all of the failed identities, the error message ends with an ellipsis. https://docs.aws.amazon.com/ses/latest/DeveloperGuide/ses-errors.html

To avoid this, you need to contact AWS support and request to move your SES provider from sandbox.
https://docs.aws.amazon.com/ses/latest/DeveloperGuide/request-production-access.html

Hope this helps!