Why is a user seeing "Unauthorized" when attempting to access the Cyral Control Plane via SSO?

This means that the user does not belong to an SSO group that has been mapped to a role in the Cyral Control Plane. 

To check this, sign into your IDP account (ie. Okta, GSuite) and check the user's group membership. You can then compare these groups with the groups that have been mapped in the Cyral Account Users screen in the control plane. 


If their group membership is not appearing, you can add a new group mapping for them. For more information on this, see: How do I map SSO groups to roles in the Cyral Control Plane? 


Once the group mapping is complete, the user will need to sign out, and then they will be able to sign in!

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.