I’m having trouble getting Azure guest accounts signed into my Fresh apps (Freshservice, Freshmarketer, Org Site). Normal Azure users are able to use the SSO login, but guest accounts are getting SAML errors and “<USER> cannot be logged in as this user is not part of this organization”.
I came across another post that said the guest account needs to have a Freshservice account as well. I confirmed my guest user has a Freshservice requestor account.
Any ideas to resolve this would be appreciated. Thanks!
SAML SSO handshakes send a NameID that Freshservice uses to identify the user, and it expects this NameID to be an email address. You can find the NameID claim under Azure Enterprise Apps > Freshworks > Single Sign-On > Box2. Ensure that the variable used as the source for the NameID claim contains an email address in the guest user's profile. To verify that the correct values are being sent as the NameID, you can use a SAML Tracer browser extension.
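The NameID check described in the answer above can also be scripted. This is an added example, not part of the original reply or of any Freshworks or Microsoft tooling: it decodes the base64 `SAMLResponse` form parameter captured from the browser and reports whether the NameID is an email address. The function names, the sample addresses and the `#EXT#` test (the usual shape of an Entra ID guest user principal name) are assumptions made for illustration.

```python
import base64
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def check_nameid(saml_response_b64):
    """Decode a captured SAMLResponse (HTTP-POST binding) and inspect its NameID.

    Inspection aid only: it does not verify the XML signature, so use it on
    responses captured from your own sign-in, not as a validator.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    node = root.find(".//saml:Subject/saml:NameID", NS)
    if node is None or not (node.text or "").strip():
        return {"name_id": None, "format": None, "ok": False,
                "reason": "NameID missing or empty"}
    value = node.text.strip()
    if "#EXT#" in value:  # assumption: guest UPN mapped as the NameID source
        reason = "guest UPN (#EXT#) sent instead of an email address"
    elif not EMAIL_RE.match(value):
        reason = "NameID is not an email address"
    else:
        reason = None
    return {"name_id": value, "format": node.get("Format"),
            "ok": reason is None, "reason": reason}


def build_sample(name_id):
    """Constructed, unsigned SAMLResponse used only as sample input."""
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        "<saml:Assertion><saml:Subject>"
        '<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">'
        f"{name_id}</saml:NameID>"
        "</saml:Subject></saml:Assertion></samlp:Response>"
    )
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    for nid in ("jane@partner.example",
                "jane_partner.example#EXT#@contoso.onmicrosoft.com", ""):
        print(repr(nid), "->", check_nameid(build_sample(nid)))
```

If the guest's response shows an empty or `#EXT#` NameID while a normal user's shows a mailbox address, the source attribute chosen for the NameID claim is the setting to review.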