Skip to main content
For the complete documentation index for agents and LLMs, see llms.txt.

Why Is My SSO Login Not Working?

Users can't sign in to Haystack Enterprise Platform through SSO configured with Microsoft Entra ID. The Entra ID admin can log in, but other users can't. The cause is that the Haystack Enterprise Platform application in Microsoft Entra ID hasn't been granted the required scopes to read user profiles.

Symptoms

  • The SSO login process gets stuck at the redirect from Microsoft Entra ID back to Haystack Enterprise Platform, and authentication doesn't complete.
  • The Entra ID admin can authenticate without issues, but non-admin users can't.

Cause

The Haystack Enterprise Platform application in Microsoft Entra ID needs permission to access user profiles. Without this consent, the authentication flow fails at the redirect step. Entra ID admins bypass this restriction, which is why they can log in while other users can't.

Resolution

  1. Ask your Microsoft Entra ID admin to sign in to the Microsoft Entra admin center.
  2. Go to Enterprise applications > All applications and find the Haystack Enterprise Platform application.
  3. Select Permissions under Security.
  4. Select Grant admin consent to approve the required scopes, specifically the scope for accessing user profiles.
  5. Ask a non-admin user to test the SSO login to confirm the issue is resolved.

Verification

After the Entra ID admin grants consent, ask a non-admin user to log in to Haystack Enterprise Platform through SSO. A successful login confirms the issue is resolved.