Troubleshooting
Published 28 April 2025
This page details some issues you may encounter when setting up and using SSO.
"Your e-mail address domain didn't match one of the Single Sign-on configuration's verified domains"
We use home realm discovery during login.
After a successful login with your IdP, the domain in the email claim must match one of the verified domains you chose when you configured Single Sign-on.
You may therefore need to add all possible email domains and UPN domains to your Single Sign-on configuration.
Users can then enter their UPN at the initial prompt if required by your IdP, rather than their email.
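One way to find the domains that would trigger this error before users hit it is to audit a directory export against your verified domains. This is an added example, not Redgate's code. The CSV column names, the sample rows and the exact, case-insensitive domain comparison are assumptions.

```python
import csv
import io
from collections import Counter

# Constructed sample: verified domains as entered in the SSO configuration.
VERIFIED_DOMAINS = {"example.com", "example.co.uk"}

# Constructed sample directory export (column names are assumptions).
SAMPLE_EXPORT = """\
displayName,mail,userPrincipalName
Ana Ruiz,ana.ruiz@example.com,aruiz@corp.example.net
Ben Okoye,Ben.Okoye@Example.COM,bokoye@example.com
Chen Li,chen.li@example.org,cli@example.com
Dee Park,,dpark@example.co.uk
"""

def domain_of(address):
    """Return the lower-cased domain of an email/UPN, or None if malformed."""
    address = (address or "").strip()
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        return None
    return domain.lower().rstrip(".")

def audit(export_text, verified):
    """Return (Counter of unverified domains, UPNs of users with no email value)."""
    # Assumption: a subdomain is NOT covered by its verified parent domain.
    verified = {d.lower() for d in verified}
    missing = Counter()
    no_mail = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if domain_of(row.get("mail")) is None:
            no_mail.append(row["userPrincipalName"])
        for field in ("mail", "userPrincipalName"):
            d = domain_of(row.get(field))
            if d is not None and d not in verified:
                missing[d] += 1
    return missing, no_mail

if __name__ == "__main__":
    missing, no_mail = audit(SAMPLE_EXPORT, VERIFIED_DOMAINS)
    for d, n in sorted(missing.items()):
        print(f"add or fix: {d} ({n} user(s))")
    for upn in no_mail:
        print(f"no email value, check which claim is sent: {upn}")
```

Users listed as having no email value are worth checking separately, because the domain that is compared depends on what your IdP sends in the email claim for them.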
Unable to log in to any account
If SSO is misconfigured on the Redgate side or on your identity provider, you can end up in a state where it is not possible to log in with any account. This can prevent you from fixing the problem, because you cannot log in to the Portal to make changes to SSO.
The Portal SSO recovery flow can be used to disable SSO in this case. To prove ownership, you will need to be able to modify the DNS records for the configured domain(s) and add a TXT record. Once SSO is disabled, you will be able to log in again via username and password and can then reconfigure SSO correctly.