SAP Knowledge Base Article - Public

3088743 - Single Sign On Error Message: "Email address "ABC" could not be mapped to user. Reason: email address "ABC" used b."

Symptom

You are using SSO with Azure AD and when trying to log in you receive the following error message: "E-mail address "ABC" could not be mapped to user. Reason: E-mail address "ABC" used b."

Environment

SAP Cloud for Customer

Reproducing the Issue

1. Try to log in to the system using SSO.
2. Error message appears: "E-mail address "ABC" could not be mapped to user. Reason: E-mail address "ABC" used b."

Cause

The e-mail ID needs to be unique for each user for the SSO to work and there is no workaround for the same.

Resolution

The SSO needs the e-mail ID to be mapped directly to exactly one user. This is because when the SAML assertion happens between the IDP and the SAP system, the IDP passes this e-mail ID to the SAP system. In case the same e-mail is used for multiple users, there is no way then to figure out which is the user who is requesting for the session. Hence, the SSO will not work as the correct user cannot be determined in this case.

Keywords

SSO, Error, Mapped, Azure, Single, Sign, , KBA , SRD-CC-SEC , Security , How To

Product

SAP Cloud for Customer add-ins all versions ; SAP Cloud for Customer core applications 2108