Overview
In SS&E Administration-People & Roles-People, after selecting "Impersonate" from a person institution record, the screen flashes yet the user is not being impersonated.
In most cases, the reason a user cannot log in and cannot be impersonated is because one or more of the following items apply to their person record:
- The person record is set to Inactive
- The person record is missing a Username and/or Primary Email Address
- The user is assigned a primary email address and/or username that is also being used by another (active or inactive) user(s)
- The user is assigned an "invalid" username
- The user has no assigned roles.
User is Inactive
If the reason that a user cannot be impersonated is that they are "Inactive" in People Administration and on their Person record User Details, and the user should be active, the person record can be activated from the Person Admnistration screen or from their Person record.
- To activate a user from People Administration, select the person record and then select "Activate" from the top menu bar.
- To activate a user from their Person record, in People Administration, find the Inactive user and click on their Institution Id to access their Person record. Select Override, and use the Enabled dropdown to select "True". Once saved, the person will display as "Active".
Duplicate User
If the reason that a user cannot be impersonated is because there is a duplicate user in SS&E that is assigned either the same username and/or the same primary email address, this will prevent all users from logging into Student Success & Engagement since the system does not know which user is attempting to log in.
- It does not matter if any of the "duplicate" users are active or inactive users.
- To check for a duplicate user, from People Administration, search for the person who cannot be impersonated (for example "Joan Faculty"). Then, copy their email address from their person record and search again, this time by email. If there is more than one result, this explains why the user cannot be impersonated.
- To fix this, check if one of the duplicate username/email addresses is associated with an invalid user. If yes, select Override on the invalid person record, and enter a blank space on the Override menu to "remove" the duplicate email and/or username.
- If the "duplicate" user is not an invalid user, you must reach out to your IT department for the proper credentials, and these can also be entered on the Override menu or imported from the SIS. In the meantime, since each username and/or email address must be unique, you may enter a blank space in the "non-staff" person override menu so that the staff user may login.
- Once each user has their own unique username and/or primary email address, the Impersonate function and Login function will work properly.
Username/Primary Email Address is Missing or Incorrect
The assigned username/primary email address can either be included in the Person data extract imported from the SIS or assigned within SS&E People Administration from the User Detail "Override" menu.
- If imported from the SIS, the username can be verified in the most recent Person data extract/person.json file from Administration-SIS Integration-Datafeeds - Person-Download Extract-right-click "Save link as..."
- The username and primary email address may also be assigned on the Person Override menu.
- If the username/primary email address is missing or incorrect, these may be assigned via the Person Override menu from Administration- People & Roles-People, selecting the person institution record, and clicking on "Override" from the User Details top menu bar. For more information about Person Overrides, click here.
-
- If you are unsure of the user's username/primary email address you must ask your institution's IT what these values should be set to based on an example of any other person record that displays username/primary email address values.
-
Resolution
Once a username/primary email address is assigned correctly, the Login and Impersonate functions should work.
*If the username and primary email exist, and there are no duplicate users found, yet "Impersonate" is still not working - enter the user's primary email address on the "Override" menu for a quick workaround and open a ticket with SS&E Support for further investigation.
Failed to login
If logging into Student Success & Engagement fails with the following error message "Sorry, we were not able to find a user with that username and password" this means that the user is not being successfully authenticated by the institution and the underlying issue will have to be resolved by the institution's IT department.
- Since SS&E does not store passwords, access to SS&E is resolved by the institution SSO/SAML/Access authorization managed by each institution's IT staff.
- Access authorization and Login permission is controlled by each institution. SS&E then uses the primary email address and/or person username to determine who is logging in, in order to display the correct user view (student view/staff view), and the permitted menu items based on the user's aggregated permissions based on all their user role(s).
-
If using external authentication like SAML, OAuth, etc., when the identity provider (SAML iDp, Azure AD, Google, etc.) returns that the user has successfully authenticated, then whatever was used to login is sent to SS&E as the username.
-
- If there are multiple users in SS&E with the same username or primary email address then SS&E won't know which user to log them in as, and a different error message will display.
- If a user is successfully authenticated by the institution, then they should be able to login to SS&E unless there is an error message indicating that they are inactive, missing a username, assigned an email/username used by someone else in SS&E, or assigned an "invalid" username.
- For troubleshooting common login error messages that can be resolved within SS&E Administration, click here.
-
-
Something to differentiate is understanding where the user login failed.
-
- If the user authentication is successful and the SS&E login fails, this has to be fixed within Person Administration.
- If the user authentication fails, this needs to be resolved at the institution.
-
User has no assigned roles
In order to login or impersonate a user, users must first be associated with at least one security role since that is what determines what will display on the UI.
- To assign a security role, search for the Person ID in People Administration.
- Select the User ID, verify that the user has no roles.
- Select Add, and add at least one security role.