Symptom
You are using SSO with Microsoft Azure Active Directory and, when trying to log in, you receive the error message "E-mail address XYZ could not be mapped to user. Reason: No business partner found for e-mail address XYZ" (where XYZ stands for an actual e-mail address).
"E-mail address XYZ could not be mapped to user. Reason:Email address XYZ"
Environment
- SAP Business ByDesign
- SAP Cloud for Customer
Reproducing the Issue
1. Try to log into the system using SSO.
2. Error message appears.
Cause
The e-mail ID being passed must be assigned to a user in the system, and to no more than one.
During the SAML assertion between the IdP and the SAP system, the IdP passes this e-mail ID to the SAP system, which uses it to look up the user who is logging on. If the same e-mail ID is assigned to no user or to multiple users, the system cannot determine which user is requesting to log on, so SSO fails.
Resolution
Ensure that the e-mail ID being passed is assigned to exactly one user (i.e. users have unique e-mail IDs assigned to them in the system).
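The check described above can be run before users hit the error. The following is an added example, not SAP code: it takes a user list exported to CSV and the e-mail IDs the IdP will send, and reports which of them map to no user or to more than one. The column names user_id and email, the sample rows and the case-insensitive comparison are assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample data: a user export (hypothetical column names) and the
# e-mail IDs the IdP is expected to pass in the SAML assertion.
USER_EXPORT = """user_id,email
JDOE,john.doe@example.com
JDOE_ADMIN,John.Doe@example.com
ASMITH,anna.smith@example.com
BLEE,
"""
IDP_EMAILS = ["john.doe@example.com", "anna.smith@example.com", "new.hire@example.com"]


def normalize(email):
    # Assumption: addresses are compared ignoring case and surrounding spaces.
    return email.strip().lower()


def index_users(export_text):
    """Map each normalized e-mail ID to the user IDs that carry it."""
    by_email = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        email = normalize(row.get("email") or "")
        if email:  # users without an e-mail ID can never be matched
            by_email[email].append(row["user_id"])
    return by_email


def check_mappings(export_text, idp_emails):
    """Classify each IdP e-mail ID as 'ok', 'no_user' or 'multiple_users'."""
    by_email = index_users(export_text)
    report = {}
    for email in idp_emails:
        users = by_email.get(normalize(email), [])
        if len(users) == 1:
            status = "ok"
        else:
            status = "no_user" if not users else "multiple_users"
        report[email] = (status, users)
    return report


if __name__ == "__main__":
    for email, (status, users) in check_mappings(USER_EXPORT, IDP_EMAILS).items():
        print(f"{email}: {status} {users}")
```

Any entry reported as no_user or multiple_users corresponds to a logon that would fail with the mapping error from the Symptom section.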
Keywords
SSO, Error, Mapped, Azure, Single, Sign, Email address, could not be mapped to user, KBA, SRD-CC-SEC, Security, LOD-CRM-SEC, Security Topics, How To