Skip to main content

Attempted Login to Engine Fails With "Sorry you can't access saml-sso... because you are not assigned this app in Okta" (KBA5999)




KBA# 5999



All attempts to access the Delphix Engine web interface fail with a redirect to, and a message similar to the following:

Sorry, you can't access saml-sso-<engine name>-<some alphanumeric string> because you are not assigned this app in Okta.



The Engine has previously been registered in Central Management

Applicable Delphix Versions

Click here to view the versions of the Delphix engine to which this article applies
Major Release All Sub Releases



This issue occurs when an Engine is deleted from Central Management, but was not Disconnected from the Engine-side.

Once an Engine is configured in Central Management, all Engine authentication is handled by Central Management and relayed through Delphix IdP.  When the Engine is removed from Central Management, the references from Delphix IdP are deleted, but the deletion does not affect any state change on the Engine.

Attempting to re-add the Engine to Central Management also will be insufficient to resolve.

To ultimately resolve this issue, the Engine must be "disconnected" from Central Management using the following procedure:

  1. Access the Delphix Connect Agent directly via https://<engine address>/agent
  2. Click the Disconnect Engine hyperlink, this will remove the Central Management configuration and allow SSO to disable (or will automatically disable SSO).


As per our documentation at:

It is also recommended that the Engine be disconnected via System Setup first, then deleted from Central Management. 


Attempts to work around the issue by disabling SSO manually via sysadmin will fail with a message indicating the Engine is connected to Delphix Central Management:

DelphixEngine> /service sso
DelphixEngine service sso> update
DelphixEngine service sso update *> set enabled=false
DelphixEngine service sso update *> commit
   Error: Cannot modify SAML/SSO configuration as the engine is connected to Delphix Central
  Action: Use Delphix Central Management to manage authentication.


Related Articles

The following articles may provide more information or related information to this article: