You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.
close
You are viewing the article in preview mode. It is not live at the moment.
Home > Administration > SSO/Login Access Issues
SSO/Login Access Issues
print icon
Mar 05, 2026
views icon 5

This article explains how to diagnose and resolve SSO/login access issues in Pace Scheduler, including missing SSO button behavior, Entra/Azure identity mismatches, tenant-wide login failures, and temporary continuity options when SSO is blocking access.

 

Most SSO issues come from one of four areas: identity mismatch (UPN/email), domain/URI configuration, tenant app approval, or browser/session context. Following a structured check prevents unnecessary downtime and helps restore user access quickly.

Prerequisites

  • You have Pace admin access for the affected site.
  • You have access to your Microsoft Entra (Azure AD) admin team.
  • You can test with at least one affected user and one known-working user.
  • You can collect exact errors, affected URLs, browser details, and timestamps.
  • You have the Pace Azure app reference link available:
    • https://azuremarketplace.microsoft.com/en-ie/marketplace/apps/aad.pacescheduler?tab=Overview

Before you begin

  • Confirm whether SSO is intentionally enabled.
    • If SSO was enabled unintentionally, users may be blocked from password login until settings are corrected.
  • Confirm login entry point.
    • Use pacescheduler.com for SSO testing unless directed otherwise.
  • Confirm identity format expectations.
    • Users should authenticate with the same UPN/email identity expected by Entra and configured in Pace.

 

If users must work immediately and SSO is blocking everyone, prioritize continuity first, then complete SSO remediation.

Steps

Part 1: Verify core SSO prerequisites

  1. Validate tenant/app readiness in Entra.
    • Confirm the Pace Azure app is approved/allowed in your tenant.
    • Confirm affected users are synced and assigned as required by your Entra policy.
  2. Validate domain and login identity mapping.
    • Confirm the organization domain is configured for SSO on the Pace site.
    • Confirm the user is signing in with the exact UPN/email expected by Entra and Pace.
    • Check for leading/trailing spaces in email input.
  3. Validate redirect/URI coverage.
    • If issue is sandbox-only, confirm sandbox domain is included in approved SSO redirect URIs.

 

Part 2: Test login behavior correctly

  1. Run clean browser tests.
    • Test in an incognito/private window.
    • Test in at least two browsers (for example Edge and Chrome).
    • Sign out of other Microsoft/work accounts before testing.
  2. Test SSO button visibility and flow.
    • Navigate to pacescheduler.com.
    • Enter user email exactly, then check whether Login with SSO appears.
    • If SSO button appears, complete Microsoft authentication and note final result.
  3. Capture details for any failure.
    • Capture exact message (for example, SSO Login Failed..., 400/404 redirect errors).
    • Record whether issue occurs on web, mobile, or both.
    • Record user, timestamp, and browser.

 

Part 3: Maintain continuity if needed

  1. Use temporary access fallback when business-critical work is blocked.
    • If SSO outage is broad and urgent, Support can temporarily disable SSO so users can continue with password login.
    • Coordinate communications so users know which login method to use during the temporary period.
  2. Re-enable SSO after validation.
    • After Entra and Pace-side checks are complete, have Support re-enable SSO.
    • Have users refresh, return to pacescheduler.com, and retest.

Confirm it worked

  • Users see the Login with SSO option when expected.
  • Affected users can complete Microsoft authentication and reach their site.
  • No tenant-wide SSO Login Failed errors persist after refresh/retest.
  • Login behavior is consistent across supported browsers.

Troubleshooting

  • Users get “SSO Login Failed. Please ensure the account you are using is activated for single sign on.”
    • Verify domain is enabled for SSO and user is assigned/synced in Entra.
    • Have users refresh and retry from pacescheduler.com.
    • If organization-wide, escalate as a potential SSO configuration incident.
  • SSO button does not appear for some users.
    • Verify exact email entry (no spaces).
    • Verify user email/UPN alignment in Pace and Entra.
    • Retest in incognito window.
  • 400/404 after Microsoft authentication.
    • Treat as redirect/token flow issue.
    • Validate redirect/URI settings and domain coverage, including sandbox URIs if applicable.
    • Capture browser + timestamp + user for support escalation.
  • Password reset does not work for SSO users.
    • If SSO is enabled, use SSO login flow instead of password reset path.
    • If required, coordinate with IT on Entra account state and workstation account context.
  • Users were blocked right after invitations were sent.
    • Confirm SSO was not enabled unintentionally.
    • Temporarily disable SSO to restore password continuity if needed.
    • Re-enable only after Entra app approval and domain prerequisites are complete.

FAQ

  • Can users sign in with password while SSO is enabled?
    For SSO-enabled domains, SSO should be the expected login path unless temporary fallback is intentionally enabled.
  • Should users log in at the department URL or pacescheduler.com?
    For troubleshooting and SSO button validation, start at pacescheduler.com unless your support team directs a tenant-specific path.
  • Do email case differences matter?
    Case sensitivity issues have existed in some scenarios; always test exact email entry and retest after any related fixes.
  • What should IT provide when escalating?
    Affected users, exact error text, timestamp, browser, whether issue is web/mobile/both, and Entra sign-in log outcome.
Was this article helpful?
0 out of 0 found this helpful

Tags

close button
scroll to top icon