Symptom
Facing issue while logging into SAP CPQ using Single Sign On.
Error Code: 200027
Error Message: Invalid user login
Detailed Error Message: Failed to map federated user to related CPQ account.
User Identifier Attribute Source: NameId
User Identifier Value: <email ID>
Environment
SAP SALES CLOUD CPQ
Cause
The user's Federation ID in CPQ does not match the NameId
value received in the SAML response, causing the login mapping to fail.
Resolution
The error message contains the terms User Identifier Attribute Source and User Identifier Value.
On the help page Federated Single Sign-On | SAP Help Portal, we can see the explanation for User Identifier Attribute Source.
As explained there, it controls which part of incoming SAML sign-on response will be used for mapping with the user in CPQ. In the error message, it is NameId node and its value is "<email ID>
".
It is also explained that this is mapped to the corresponding user by FEDERATION ID or Username of the user (or Global User ID depending on the application parameter as explained on the help page).
This means that this user should have this value "<email ID>
" set as the Federation ID (or Global User Id) on the User page in Setup.
This way the user will be successfully mapped.
See Also
Keywords
SSO, Error, CPQ, Facing, Login issue. , KBA , CEC-SAL-CPQ , Sales Cloud CPQ , Problem