Google is committed to advancing racial equity for Black communities. See how.

SSO Zone Administration Page: Unauthorized Request error

Symptom

Zone Admin unable to access Edge SSO Zone Administration page from Edge UI.

Error message

The Zone Admin sees the following error while trying to access the Edge SSO Zone Administration page:

Unauthorized Request: invalid token

Possible causes

Cause Description Troubleshooting instructions applicable for
Not using Edge user account Trying to access the SSO Zone administration page while authenticated using Identity Provider (IDP). Edge Public Cloud users
Other issues
  • Unable to access SSO Zone administration page after mapping to Identity Zone.
  • Browser cache is not cleared
Edge Public Cloud users

Cause: Not using Edge user account

Diagnosis

  1. Check to see if your organization is SAML enabled and that it was done using the steps described in Enable SAML.
  2. If yes, then ensure that you have a valid Edge User account and the Zone Administrator role has been granted to you.
  3. Make sure that you aren’t logged in using SAML IDP credentials, as the SSO administration happens outside your organization.

You can’t access the Edge SSO Zone Administration page with your company single sign-on (SSO) credentials as documented in Explore the Edge SSO Zone Administration page.

Resolution

Ensure that you login with Edge user account while accessing the Edge SSO Zone Administration page.

Cause: Other issues

Diagnosis

You may not be able to access the SSO Zone Administration page after the organization has been mapped to the identity zone or the browser cache may not be cleared.

Try the steps described in Resolution and then check to see if you are able to access the SSO Zone Administration page.

Resolution

  1. Logout from your current session.
  2. Navigate to the Edge SSO administration page directly by accessing the following URL
    URL: https://apigee.com/sso
  3. If you are still seeing the same error, access the above URL using an incognito window.
  4. If you are able to login using an incognito window, you should be able to login from a regular browser window after clearing your browser cache and cookies.
  5. If your browser doesn’t allow incognito mode, clear the browser cache and cookies and try to access the SSO Zone Administration page again.

If the problem still persists, go to Must gather diagnostic information.

Must gather diagnostic information

If the problem persists even after following the above instructions, gather the following diagnostic information. Contact Apigee Support and share the following information with the support team:

  • Generate and share the HTTP Archive (HAR) file on your browser for further analysis.
  • Start recording right before you login up to the time you observe an error message on screen.

For help on how to record and download HAR files, see the following: