If you see “Error validating SAML message” when setting up SSO or logging in to your account, check the corresponding instructions below.
This error message in Azure AD may be caused by a corrupted certificate generated by Azure AD.
We suggest you try generating a new certificate in Azure AD. To do that, click Edit next to SAML Signing Certificate, and then click New Certificate in the window that opens next.
If you are locked out of your admin account and experience issues with updating your x.509 certificate, you can sign in bypassing SSO authentication by following the steps below:
- Log in using this link: https://www.grammarly.com/signin?ssoRedirect=false
- Log in again using this link: https://www.grammarly.com/signin?ssoRedirect=false&secureLogin=true
This error indicates that the signature validation of the SAML response from your identity provider was unsuccessful. The SAML response is signed by the identity provider’s private key and is validated on the Grammarly side using the identity provider’s public key. The public key is contained within the certificate (X509) uploaded to Grammarly. We need to ensure it is valid and corresponds to the private key used by the identity provider to sign the SAML response.
If you are locked out of your admin account and experience issues with updating your x.509 certificate, you can sign in bypassing SSO authentication by following the steps below:
- Log in using this link: https://www.grammarly.com/signin?ssoRedirect=false
- Log in again using this link: https://www.grammarly.com/signin?ssoRedirect=false&secureLogin=true
SSO might have also been misconfigured on the identity provider side. Please ensure that all attributes, including NameID, are present in SAML.
To log in to your Grammarly account, please launch Grammarly via your identity provider.
If you do not see the Grammarly app in your identity provider’s interface, please contact your account administrator directly and ask them to configure SAML single sign-on correctly using the instructions provided in these articles:
This error code indicates that the identity provider blocked the authentication because of incorrect or missing user permissions or service provider configuration.
This issue is typically caused by SSO-specific information missing in the service provider configuration on the identity provider side.
We suggest you check that all parameters in the configuration, NameID in particular, are correct.
Please see this article to learn more: Add Grammarly to an identity provider