SAP Knowledge Base Article - Public

3088743 - Error Message "Email Address XYZ Could Not Be Mapped to User" When Logging In Using Single Sign-On

Symptom

You are using SSO with Microsoft Azure Active Directory and when trying to log in, you receive error message "E-mail address XYZ could not be mapped to user. Reason: No business partner found for e-mail address XYZ" (where XYZ stands for an actual e-mail address).

Environment

  • SAP Business ByDesign
  • SAP Cloud for Customer

Reproducing the Issue

1. Try to log into the system using SSO.
2. Error message appears.

Cause

The e-mail ID being passed needs to be assigned to a user in the system, and not more than one.

This is because when the SAML assertion happens between the IDP and the SAP system, the IDP passes this e-mail ID to the SAP system. In case the same e-mail is used for no user or for multiple users, there is no way to figure out which user is requesting to log on. Hence, SSO will not work as the correct user cannot be determined.

Resolution

Ensure that the e-mail being passed is assigned to at least one user and one user only (i.e. users have unique e-mail IDs assigned to them in the system).

Keywords

SSO, Error, Mapped, Azure, Single, Sign, Email address, could not be mapped to user , KBA , SRD-CC-SEC , Security , LOD-CRM-SEC , Security Topics , How To

Product

SAP Business ByDesign all versions ; SAP Cloud for Customer add-ins all versions ; SAP Cloud for Customer core applications all versions