Troubleshoot directories

Directory issues may limit or block access to applications, connectors, users and user groups, user authentication, multi-factor authentication, or Login Portal authentication.

Troubleshoot directory reachability

The connection between your connector and directory may fail, making the directory unreachable.

📘

These procedures do not support the Cloud Directory service.

Test connectivity between directory and connector

To troubleshoot directory issues, check if the directory is reachable by the connector.

  1. Log in to EAA Management Portal.

  2. In the EAA Management Portal navigation menu, select Identity > Directories.

  3. Click Directory Diagnostics next to your directory, and select Test Connectivity.
    An error or success message appears. If the directory is not reachable, continue to troubleshoot.

  4. Make sure that the connector associated with the directory is the one you expect.

    1. To view the connectors associated with the directory, return to the directory you want to test, and click Settings on your directory card.

    2. Select Connector > Associated connectors.
      If you need to add or remove a connector, click Add or remove a connector.

  5. Make sure your directory configuration is up to date. Return to your directory card, and click Sync.
    Wait for two to five minutes for the EAA directory configuration to sync across the cloud.

  6. Test the connectivity again. Click Diagnostics, and select Test Connectivity.
    An error or success message appears. If the directory is not reachable, continue to troubleshoot.

  7. To continue troubleshooting, review directory diagnostics and domain information.

Review directory diagnostics and domain information

Make sure the directory domain information is correct in EAA and review your internal network firewall rules.

  1. Log in to EAA Management Portal.

  2. In the EAA Management Portal navigation menu, select Identity > Directories.

  3. Make sure your directory configuration is up to date. Click Sync on your directory card.
    Wait for two to five minutes for the EAA directory configuration to sync across the cloud.

  4. Click Directory diagnostics and verify the following:

    1. Domain. This field contains the AD or LDAP domain location of your native directory. Make sure that the domain name listed is the one you expect to be associated with this directory. If it is not correct, continue with this procedure.

    2. Last synchronized. This field contains the date and time that the directory was last synchronized. If you completed step 3 in this procedure and this field does not have an updated date and time, contact your account representative for further support.

  5. Return to directories, and on your directory card click Settings.

  6. Review the domain fields for accuracy and make changes as needed. For more information about the domain fields, see Add or edit an LDAP, AD or AD LDS directory. Issues are commonly found with the information entered into these fields:

    1. Host. Based on your native directory setup, make sure the correct service is selected: either LDAP set to port 389, or LDAPS set to port 636.

    2. Admin account, admin password, and admin permissions for the directory. Make sure the correct admin account and admin password are captured in Enterprise Application Access (EAA). Access your native directory and make sure that the admin account entered in Enterprise Application Access has read-only permissions or higher.

    📘

    If you make any changes to the directory domain fields in the previous step, save the changes and sync the directory.

  7. Outside of EAA, review your internal firewall rules and make sure they allow the host information as it appears in EAA to communicate with the connector's source IP.

  8. Outside of EAA, review your internal access rules and make sure there is nothing blocking the data path between the EAA cloud service and the directory. This is often resolved by having an allow rule in place for the native directory source IP address on your network.

Troubleshoot search and sync

Troubleshoot issues with your users, groups, or organizational units (OU) in the directories.

Prerequisite:
Confirm the directory is reachable. Test connectivity between the directory and connector.

  1. Log in to EAA Management Portal.

  2. In the EAA Management Portal navigation menu, select Identity > Directories.

  3. Make sure your directory configuration is up to date. Click Sync on your directory card.
    Wait for two to five minutes for the EAA directory configuration to sync across the cloud.

  4. Click Directory diagnostics.

  5. In the Directory group search field, type the group name, or OU, and click Search.
    The search results appear below.

  6. Type the group name or OU and click Search Group.

  7. To make sure the directory is reachable, troubleshoot directory reachability. Test connectivity between the directory and connector. Review directory diagnostics and domain information.

  8. Make sure that the number of groups in the directory is correct. Return to the directory list and verify that the number of groups listed is correct.

  9. Make sure that the user, group, or OU you searched for is part of the directory.

    1. Click Users to display users existing in the directory.

    2. Click Groups to display groups existing in the directory.

  10. If the user, group or OU is not present, add the user, group, or OU to the directory.

    1. For users, see Add users and invite them to the cloud directory.

    2. For groups or OUs, click the Add New Group icon and follow the onscreen directions.

  11. Click Save, and on your directory card, click Sync.

  12. Search for the directory group or OU in Directory diagnostics > Search Group again.
    The directory group or OU appears.

Sync users, groups, or organizational units in the EAA directory

Troubleshoot directory sync issues if your directory card shows that zero users, groups, or organizational units (OU) have synced, or if a newly added user is not synced to the directory along with others.

  1. Log in to EAA Management Portal.

  2. In the EAA Management Portal navigation menu, select Identity > Directories.

  3. Make sure your directory configuration is up to date. Click Sync on your directory card.
    Wait for two to five minutes for the EAA directory configuration to sync across the cloud.

  4. To make sure the directory is reachable, troubleshoot directory reachability. Test connectivity between directory and connector.

  5. To make sure the group or OU where the users belong has been added to the directory, search EAA for a directory user, group, or OU.

  6. Outside of EAA, check the native directory and make sure the user has at least a user-principal name (UPN) or email address listed.

Troubleshoot authentication

Check login credentials

Troubleshoot EAA Login Portal authentication issues. Users access the EAA Login Portal with their login credentials, which are defined in the EAA directory user and groups configuration. For example, in an Active Directory (AD) or LDAP configuration, use your AD username and password to log in to the Portal. If these credentials do not work, troubleshoot as follows:

  1. Log in to EAA Management Portal.

  2. Test connectivity between directory and connector.

  3. If connectivity is confirmed, log in and access applications in the Login Portal.

If the problem persists, continue to troubleshoot.

  1. Verify that the connector status is reachable.

  2. In the EAA Management Portal navigation menu, select Connectors.

  3. Check if your connector status is Running.
    If the connector is not reachable, see Common reasons for connector check-in failure.

  4. Test connectivity between directory and connector again.

  5. In a new browser window or tab, log in and access applications in the Login Portal again.

If the problem persists, continue to troubleshoot.

  1. Check the login preference for the directory in EAA and verify that the user name entered in the EAA Login Portal is as configured. To learn more, see Manage password complexity for the Login Portal from the Active Directory (AD).

  2. In the navigation menu, select Identity > Directories.

  3. On your directory card, click Settings.

  4. The configured login preference for the directory is listed. To change the login preference, choose one of the following: 'Email', 'sAMAccountName', 'User Principal Name (UPN)', 'Domain/sAMAccountName'.

  5. Click Save, and on your directory card, click Sync.

  6. In a new browser window or tab, log in and access applications in the Login Portal again.

If the problem persists, continue to troubleshoot.

  1. In your native directory outside EAA, check that the user's account is active, that their password has not expired, and that they do not need to change their password at the next logon.

  2. If you make any changes to the user's account in your native directory, return to the directory in EAA Management Portal, and click Sync.

  3. In a new browser window or tab, log in and access applications in the Login Portal again.
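
The native-directory checks in the step above and in the sync procedure (a UPN or email address is present, the account is active, the password has not expired, no password change is forced at next logon) can be run over a directory export instead of account by account. The following is an added example, not part of the EAA documentation; it assumes an Active Directory export in plain LDIF that includes the userAccountControl, pwdLastSet and msDS-UserPasswordExpiryTimeComputed attributes, and the sample entries are constructed.

```python
from datetime import datetime, timezone
# Constructed sample: plain LDIF export of four users from a native AD directory.
SAMPLE_LDIF = """\
dn: CN=alice,DC=corp,DC=example
userPrincipalName: alice@corp.example
userAccountControl: 512

dn: CN=bob,DC=corp,DC=example
userAccountControl: 514

dn: CN=carol,DC=corp,DC=example
mail: carol@corp.example
userAccountControl: 512
pwdLastSet: 0

dn: CN=dave,DC=corp,DC=example
mail: dave@corp.example
userAccountControl: 512
msDS-UserPasswordExpiryTimeComputed: 133000000000000000
"""

ACCOUNTDISABLE = 0x0002     # userAccountControl bit: account is disabled
NEVER = 0x7FFFFFFFFFFFFFFF  # FILETIME value AD reports for "never expires"

def parse_ldif(text):
    """Split plain (unfolded, non-base64) LDIF into one dict per entry."""
    entries = []
    for block in text.strip().split("\n\n"):
        pairs = (line.partition(": ") for line in block.splitlines())
        entries.append({k.lower(): v.strip() for k, sep, v in pairs if sep})
    return entries

def audit(entry, now):
    """Reasons this user may fail to sync or log in; now is an aware datetime."""
    now_ft = int((now.timestamp() + 11644473600) * 10**7)  # Windows FILETIME
    issues = []
    if not entry.get("userprincipalname") and not entry.get("mail"):
        issues.append("no UPN or email")
    if int(entry.get("useraccountcontrol", 0)) & ACCOUNTDISABLE:
        issues.append("account disabled")
    expiry = int(entry.get("msds-userpasswordexpirytimecomputed", NEVER))
    if entry.get("pwdlastset") == "0":
        issues.append("must change password at next logon")
    elif expiry < now_ft:
        issues.append("password expired")
    return issues

def audit_all(text, now):
    return {e["dn"]: audit(e, now) for e in parse_ldif(text)}
```

Call `audit_all(export_text, datetime.now(timezone.utc))` on your own export; after fixing any flagged account in the native directory, sync the directory in EAA as described in the next step.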

If the problem persists, continue to troubleshoot.

  1. Verify that the user is associated with the directory in EAA.

    1. From the top menu bar select Identity > Directories.

    2. Locate the directory you want to view users for and click Users.

    3. Click Search Users and enter the name of the user. If the user is not returned in the search, add the user. See Add users and invite them to the cloud directory. Then return to the EAA directory card and click Sync Directory.

If the user is returned in the search, continue to troubleshoot.

  1. Verify that the user's directory group is assigned to the application. To learn more, see Assign a directory to an application.

    1. Go to Identity > Directories, and click Sync.

    2. In a new browser window or tab, log in and access applications in the Login Portal again.

If the problem persists, contact support.

Unable to add a new user

If you try to add a new user to the Cloud Directory and cannot see the user in the EAA dashboard, or you get this error message:

```
Oops! We seemed to have experienced an error. If this problem persists, raise a support case.
```
  1. Confirm that the user was not previously added to this Cloud Directory. You encounter this error if you are trying to add a duplicate user.

  2. After you confirm the user does not already exist, try to add the user again with a password that follows these rules:

    • Has a minimum length of eight characters.

    • Contains uppercase and lowercase letters and non-alphabetic characters, such as numbers or symbols.

