Symptoms

You may face the Error 403 Forbidden while trying to use Single-Sign-On to enter a FlexiCapture station

Cause

The most obvious reason for such behavior is a mismatch between endpoint name set on SSO provider side and actual URL of FlexiCapture hostname

Resolution

Make sure ENDpoint name(set on Identity provider side) matches the sample 

If you are using a tenant, add the tenant’s identifier to the server URL, e.g. https://<ApplicationServer>/Flexicapture12/Server/Saml?Tenant=MyTenantName

In the case of FlexiCapture Cloud:

Tenant: MyTenantName

Endpoint URL: https://usa.flexicapture.com/FlexiCapture12/Login/MyTenantName/AccessToken/Saml

Important! Ensure there are no differences between the actual tenant name and the one set on SSO provider side 

The FlexiCapture Cloud domain (i.e. https://usa.flexicapture.com) may differ according to your Processing Location.

More details on how to implement SSO can be found here.