Lost Admin Account while implementing SSO

Hello,

I recently created a Cursor Team Business Enterprise account. I verified (2) domains. I then implemented SSO into our Azure Entra Directory successfully.
However, in doing so, I lost the ability to log in to Cursor with our Admin account.

I need help logging in with our Admin account OR for you to manually re-assign admin permissions to our non-aliased user account.
Details below:


This is the current standing (see screenshot). I am also trying to invite new members.

it-admin@domain2 - Admin
it-admin@domain1 - Member
user@domain2 - Member
user@domain1 - Member

We have (2) domains. Our older users use domain1 with an alias to domain2 in order to forward traffic to the correct domain. All of the new users in our system use only domain2. In particular, we have a shared email inbox for “it-admin@domain1” which has an active alias for “it-admin@domain2” which forwards traffic to “it-admin@domain1”.

I created an account and logged in as “it-admin@domain2” to verify domain1. Then I implemented the SSO steps on your website interacting with our Entra directory. I received an error which indicated that I need to verify domain1. I did that. I then completed the SSO test and everything worked.

Then I logged out and the problems began…
At sign-in I tried the following:

WHEN I sign in as “it-admin@domain2”
THEN I am correctly re-directed to “Microsoft SSO Login URI”
AND WHEN I try to pick account “it-admin@domain2”
THEN I get an error message: “The username may be incorrect…”
INSTEAD I chose “it-admin@domain1”
AND WHEN I correctly enter my password
THEN I end up logged into a non-admin account of “It-admin@domain1”

This is because “it-admin@domain2” is not a valid entry in our active directory. We tried adjusting things on our end by reversing the directory entry and alias assignment - but this didn’t work, even after clearing cache / incognito browser settings.
Such that the directory entry is “it-admin@domain2” with an alias for “it-admin@domain1”

Initially, when logging in, we saw “internal error” messages on Cursor.
But the main scenario we faced was as follows:

GIVEN: Clear cache/incognito browser
AND GIVEN: entra directory entry exists for domain2 user
WHEN I sign in as “it-admin@domain2”
THEN I am correctly re-directed to “Microsoft SSO Login URI”
AND WHEN I try to pick account “it-admin@domain2”
AND WHEN I correctly enter my password
THEN I end up logged into a non-admin account of “It-admin@domain1”

Bollocks. I think what happened is that Cursor associated the same Microsoft SSO token with the two accounts.

At this point I need to log in to my “it-admin@domain2” account
OR
I need Cursor to manually assign “it-admin@domain1” “Admin” permissions.
or some other user in my Team.

PS. I sent an email with the actual domain info to hi@cursor

Cheers,

Hey, please send an email to [email protected].

Hi Deanrie,

No one has responded to my emails at [email protected]
Any other suggestions?


I have a similar issue. Have you resolved this issue?

I also have a similar issue.

I have a similar issue.

CRITICAL: COMPANY-WIDE AUTHENTICATION FAILURE - INFINITE REDIRECT LOOP BLOCKING ALL USER ACCESS!

I have a similar issue. But I’m worse than you.
I reset sso after this problem occurred, and the page popped up automatically, causing all accounts under the enterprise to be unable to log in.

Has anyone been able to solve this?
I’m locked outside of our account and others are logging out and not being able to log back in.
Sent support an email but no responses, unsure what to do to get this solved.

I just got an email today to update the SSO setup because the certificate expired (the email sends you to a specific page to update SSO settings). It expired Apr 1st and I got the email today.
I was able to re-upload SSO and it's fixed now; it just took a long time to get to this point.
