Issue:
Using the Login URL to the Organization instead of the Assertion Consumer Service URL (ACS URL) when setting up SAML SSO might throw the following error:
There is no SAML SSO identity for this user.
Possible solutions:
The Assertion Consumer Service URL (ACS URL) should not be used for the same purposes as the Login URL to the Organization. The Assertion Consumer Service URL (ACS URL) contains callback?organization_slug
which is important to establish the connection between OneLogin and Bitrise. The ACS URL has to be copied into OneLogin WHEN setting up SAML SSO for an Organization.
Once you hit Configure SSO on Bitrise, the ACS URL is NO LONGER available since it gets replaced with the Login URL to the Organization which is not the same as the ACS URL. Org members with SAML SSO enforced on the Org can use the Login URL to easily log into their Org without having to populate the Org name manually. The Org owner can share this Login URL with Org members, they can bookmark the page and use it when logging into their Bitrise Org.
Please note that the Login URL is not to be added to OneLogin as it does not have the callback?organization_slug
part in it which is needed to set up SAML SSO between OneLogin and Bitrise.