Email mismatch preventing login

Are you receiving this error when you try to sign in to Blissbook via Single Sign-On (SSO)?

This error triggers if you're using a Microsoft Azure or Google Workspace SSO account to sign in and the email address associated with that account does not exist in Blissbook. If the user has a Blissbook account, that account may have a different email address on file.

This can also happen with Okta or a custom SAML SSO integration if you have your unique employee identifier set to Email Address (or unset, which uses email address by default).

When you log in to Blissbook via SSO, your SSO provider sends a response to Blissbook saying something like, "hey, first.last@company.com is an authenticated user, you should let them in." Blissbook checks that email address against your user list in Blissbook. If there's a match, we let you in. If not, you see this error.

To fix the error, you need to get the email addresses in the two systems to match or you need to use a different unique employee identifier on which to match.

You have 2 options:

If you think your email addresses do match, here are some troubleshooting ideas.

(1) Fully sign out of your SSO account, and try again from scratch with the email address that matches what's in Blissbook.

(2) Try again in a private or incognito window. It's possible there is old session data stored in your browser that is affecting your login flow in unexpected ways. This could make it seem like it's working one way when it's not. If you try this and it works, you may need to clear all session information related to your SSO and to Blissbook from your browser's cache/cookies.

(3) Some Azure accounts or custom Okta/SAML setups allow users to log in to their account with an alias. If that's the case, check with your IT admin. You may also want to test (in a private/incognito window) whether your SSO provider is sending Blissbook the core/root email address associated with your account, or they are sending the alias email address. To test this, set your email address as one or the other in Blissbook, then try to log into Blissbook via SSO in a private/incognito window using your root email, then try your alias email in a separate private/incognito session. See which one works.

Our basic Microsoft Azure & Google Workspace SSO integrations use each's generic endpoint that uses email address as a user's unique employee identifier.

You can avoid the email mismatch issue if you uniquely identify users in another way, for example by their Employee ID.

This requires an Okta integration or a custom SAML integration, which is compatible with almost any SSO provider, including Microsoft Azure. When you set it up, choose Employee ID as the Unique Employee Identifier.

Your error message might be slightly different and infer that your email address recently changed:

Blissbook stores a history of each user's email address so that we can give more helpful error messages. This error message is basically saying the same thing as the one above: the email address you're using to sign in does not match the currently active email address on file.

If this issue is preventing all of your admins from signing in because you previously disabled the ability for users to sign in Via Special Link Sent via Email, you may want to re-enable that setting at least temporarily. If none of your admins can get in, let our support team know and we will toggle that back on so you can log in.