Advanced Integrations
      Back to home
      1. Help Center
      2. Advanced Integrations

      Troubleshooting SSO Login Issues (Azure) with SAML-tracer

      If you're having trouble logging into app.scopestack.io using Single Sign-On (SSO) via Azure AD, you can use a SAML tracing tool to help diagnose the issue. This article walks you through how to capture a SAML trace and share it with our support team

      🔧 What You'll Need

      A desktop browser:

      • Chrome (recommended)
      • Firefox (alternative)
      • Edge (alternative)

      A SAML tracing extension:


      🔍 Steps to Capture a SAML Trace

      1. Launch the Tracing Tool

      • Open SAML-tracer from your browser’s toolbar.

      • It opens in a new window and starts recording requests automatically.

      2. Reproduce the Login Flow

      • In a new tab, go to 👉 https://app.scopestack.io

      • Enter your work email address.

      • The app will detect your domain and redirect you to your Azure login page.

      • Continue the login flow until the error occurs or you're redirected unexpectedly.

      ⚠️ Important: Keep the SAML-tracer window open while you complete the login attempt.

      3. Review the SAML Traffic

      In the SAML-tracer window:

      • Look for HTTP POST requests with URLs that include /saml or /acs.

      • Click one of these entries.

      • In the right-hand pane, look under the SAML tab.

      You’ll see:

      • A SAML Request going to Azure from ScopeStack

      • A SAML Response coming back from Azure to ScopeStack

      ✅ You should see your email under NameID and attributes like email, name, etc.
      🚫 If the response is missing key fields or shows an error, that could be the source of the issue.

      💾 Export the Trace

      After you’ve captured the full flow:

      Firefox:

      • Click the 💾 Save icon in SAML-tracer to export a .har file

      Chrome:

      • Right-click in the SAML Chrome Panel > Save as HAR with content

      📬 Send to Support

      Please email the exported file to: support@scopestack.io
      Include:

      • Your email address

      • Time of your login attempt

      • A short description of what you saw (error message, unexpected loop, etc.)

      Subject Line:
      SSO Login Issue – SAML Trace Attached

      🧠 Common Azure SSO Issues

      Problem Cause Fix
      🔄 Login Loop SAML response is accepted but session isn’t created Check if Reply URL and Entity ID match what’s in Azure
      ❌ No Response Azure isn't responding to the SAML request Ensure ScopeStack is properly configured as an Enterprise App
      ⚠️ Missing Attributes Claims like email or NameID aren’t mapped Verify Azure claims mapping includes required fields
      🔐 Signature Error SAML certificate mismatch Confirm metadata uploaded in Azure is current

      ✅ Required Azure Attributes

      ScopeStack expects these in your SAML Response:

      • NameID = your email address

      • Attributes:

        • email

        • name

        • firstName (optional)

        • lastName (optional)

      📝 Summary Checklist

      Step Task
      1️⃣ Install and open SAML-tracer
      2️⃣ Go to app.scopestack.io and enter your email
      3️⃣ Complete the login flow until the issue occurs
      4️⃣ Find and export the SAML trace
      5️⃣ Email support with the file and details

      Need help interpreting the trace or checking your Azure config?
      Our team is here to help → support@scopestack.io