Monday, February 28, 2022

SAML error: invalid_grant: BBSTS50056: The user account {EmailHidden} does not exist in

Issue:

We use SSO for AWS Redshift database logins. When I tried to connect to Redshift using SSO I got the error below, but local accounts were able to connect to the database. We then found that the issue was related to the SAML assertion.

Something unusual has occurred to cause the driver to fail. Please report this exception.


  SAML error: invalid_grant: BBSTS50056: The user account {EmailHidden} does not exist in the 45f81a76-3477-44dd-b547-fgb3b6a146543 directory. 

To sign into this application, the account must be added to the directory. Trace ID: 45dd7dae-8355-45bc-b4f9-43df120f888 Correlation ID: 1fed5c1a-7c4f-4ffc-b234-672d069c15c1 Timestamp: 2022-02-28 05:28:14Z 

Impact:

Unable to log in to the Redshift database using SSO.

Root cause:

We then found that the issue was related to the SAML assertion. Users were unable to connect to the Redshift DB because the respective AD account had been deleted in Azure Active Directory.

It looks like the AD accounts were marked as deleted in Azure Active Directory.

Solution:

We asked the cloud admin to enable the AD accounts in Azure Active Directory, and the issue was resolved.
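When raising a failure like this with the identity admin, it helps to pass on the error code, directory ID, Correlation ID and timestamp from the driver message. The following is an added example, not part of the original post; the function name `parse_sso_error` and the output field names are assumptions chosen here, and the sample input is the error text quoted above.

```python
import re
from datetime import datetime, timezone

# Error text as quoted in the post (driver output, joined onto one line).
SAMPLE = (
    "SAML error: invalid_grant: BBSTS50056: The user account {EmailHidden} "
    "does not exist in the 45f81a76-3477-44dd-b547-fgb3b6a146543 directory. "
    "To sign into this application, the account must be added to the directory. "
    "Trace ID: 45dd7dae-8355-45bc-b4f9-43df120f888 "
    "Correlation ID: 1fed5c1a-7c4f-4ffc-b234-672d069c15c1 "
    "Timestamp: 2022-02-28 05:28:14Z"
)

# IDs are matched loosely (alphanumeric groups joined by dashes) because the
# values quoted in the post are not all strict 8-4-4-4-12 GUIDs.
_ID = r"[0-9A-Za-z]+(?:-[0-9A-Za-z]+)+"
_FIELDS = {
    "oauth_error": r"SAML error:\s*(\w+):",
    "sts_code": r"\b([A-Z]+STS\d+):",
    "directory_id": rf"does not exist in the\s+({_ID})\s+directory",
    "trace_id": rf"Trace ID:\s*({_ID})",
    "correlation_id": rf"Correlation ID:\s*({_ID})",
    "timestamp": r"Timestamp:\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})Z",
}


def parse_sso_error(text: str) -> dict:
    """Extract the fields an identity admin needs from the driver message."""
    flat = " ".join(text.split())  # the driver may wrap the message across lines
    out = {}
    for name, pattern in _FIELDS.items():
        m = re.search(pattern, flat)
        out[name] = m.group(1) if m else None
    if out["timestamp"]:
        out["timestamp"] = datetime.strptime(
            out["timestamp"], "%Y-%m-%d %H:%M:%S"
        ).replace(tzinfo=timezone.utc)
    # The message says the IdP could not find the account in that directory,
    # so the fix is on the identity side, not in Redshift.
    out["account_missing_in_directory"] = (
        out["directory_id"] is not None and out["oauth_error"] == "invalid_grant"
    )
    return out


if __name__ == "__main__":
    for key, value in parse_sso_error(SAMPLE).items():
        print(f"{key}: {value}")
```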

