Seamless Rollout Troubleshooting

Single Sign-On (SSO) with Browser Extension Rollout can be a powerful way to enhance security and streamline access to various applications for users. 

However, like any technology implementation, it can come with its own set of challenges. 

General advice 

ℹ️ Please make sure that all the data you implement is correct and has the right syntax.

Here are some common issues that organizations may encounter when using SSO with browser extensions:

Error Messages

You need to have the Company ID and can then visit

For EU Region:

For US Region:

Invalid CompanyId
  • Review with Userlane Customer Success Manager that correct companyID is used.
Invalid Signature
  • Try renewing the certificate. This requires your IT to provide a new certificate code.

  • Add the new certificate to the Userlane Portal.

Error status Code 500
  • Reach out to Userlane Customer Success Manager to review datatype settings.
PEM_read_bio_PUBKEY failed
  • Check that the certificate in the Userlane Portal from the customer’s metadata .xml is correct and not missing any characters with help of their developers.

Outdated certification
  • Add a new certificate into Userlane Portal.

Invalid certificate format
  • Review certificate format. Check for blank spaces, missing content or additional content.
  • Set up SSO trust for Userlane.

If the link opens the login page of your IDP and shows no error but you are still not authenticated (no Company User shown in the Userlane Portal), check the Entry Point URL, it usually should contain the word "SAML". Check the XML file for the right entry point URL.

Extension shows "Userlane not running"

Make sure your application is added as an underlying application

Ensure that your software is added to your Portal. Sign in to the Userlane Portal. Click the Application dropdown then select Settings > Application URLs.
Application URL list with the

Review setup and syntax for Browser Extension Policies

Make sure companyID, integrityToken and region are set up correctly for respective browser and use the right syntax. 

How to check? 

Do a right click on the Browser Extension. Click on Options.

Navigate to Managed Storage.

Here you can see what information is currently being passed on. 

Review whether the data that is being passed on is correct.

If any of these values is marked in red, it means that there is an error, see example:

If there is no table visible, it means that the Browser was not configured yet. 

You need to configure the Browser to install the Userlane Extension through the given options by the respective browser:

For any question regarding this, please reach out to your Userlane Customer Success Manager and IT team internally to confirm.

Content Security Policy

Should you have chosen Iframe as SSO Window Mode, it could be that your Content Security Policy does not support Iframes. 

How to check? 

Do a right click on the Browser Extension. Click on Options.

Navigate to Managed Storage.

Should that be the case, you will see a message similar to this: 

In this case, please try using Inactive or Active Tab as alternative SSO Window Mode in the Userlane Portal > Browser Extension.

Review Browser Extension Policies Restrictions

If your IT has implemented restrictions on what URLs the Browser Extension is active, Userlane needs to be added to that URL list by adding *://*

Review users have been added to your IDP

A user must be included in your IDP (e.g. Azure, ADFS, Google Workspace) and to any groups applicable in order to be authenticated and see Userlane content.

Users with multiple logins

The automatic authentication will only be successful if the User has just one login to the IDP. 

With multiple logins, your application will first ask which to use for the authentication. Userlane would not show such prompt.

How to test:  in the testing phase, please set the SSO Window mode to Active Tab in the Userlane Portal: Settings - Browser Extension. The authentication process will open a login page on your app. 

If it lets you select which login to use, it means that Userlane will not be able to do automatic authentication with such user.

Make sure that your segmentation is set up

Make sure that the user profile you use in your application matches these segmentation settings and the user is supposed to see content.

Allow 3rd party cookies

Some browsers block 3rd party cookies by default, including the ones coming from Userlane. This will block some of the Userlane elements. You can check if this is the case by allowing all cookies in your browser settings (only for the sake of testing). 

If this has solved the problem, you can put the following domains in your browser's "3rd party cookie allowed list"

  • your app's domain you want to use Userlane on
  • Userlane's domain [*.] 

After you added these domains, you can switch the main cookie setting back to default. 

You may need to ask your colleagues in IT for help.

ℹ️ For more on enabling the third-party cookies, please review the links below for your browser: Google Chrome, Mozilla Firefox, Safari, and Microsoft Edge

If none of the links above is beneficial for you, check the guidelines in the browser's help center.

As an alternative, there are extensions that allow third-party cookies. If you would like to use this solution, Userlane's underline application URLs should be added to those extensions.

Deactivate any Adblockers

Some adblockers can prevent any cookies collection. Allow Userlane for your adblocker or deactivate it.

Separate window opens asking to log in again and does not close automatically

Security Software blocks content or User is not connected to company's network.

Export Browser Extension logs

The Browser Extension allows you to check and export logs for troubleshooting. Send the export to the Userlane Support Team.

Here is a short instruction video:

User Icon

Thank you! Your comment has been submitted for approval.