Hello,
I recently created a Cursor Team Business Enterprise account. I verified (2) domains. I then implemented SSO into our Azure Entra Directory successfully.
However, in doing so, I lost the ability to login to cursor with our Admin account.
I need help logging in with our Admin account OR for you to manually re-assign admin permissions to our non-aliased user account.
Details below:
This is the current standing (see screenshot), I am also inviting trying to invite new members.
it-admin@domain2 - Admin
it-admin@domain1 - Member
user@domain2 - Member
user@domain1 - Member
We have (2) domains. Our older users use domain1 with alias to domain2 in order to forward traffic to the correct domain. All of the new users in our system use only domain2. In particular, we have a shared email inbox for it-admin@domain1" which has an active alias for “it-admin@domain2” which forwards traffic to “it-admin@domain1”.
I create an account and logged in as “it-admin@domain2” to verify domain1. Then I implemented the SSO steps on your website interacting with our Entra directory. I received an error - which indicated that i need to verify domain1. I did that. I then completed the SSO test and everything worked.
Then I logged out and the problems began…
At sign in i tried the following:
WHEN I sign in as “it-admin@domain2”
THEN I am correctly re-directed to “Microsoft SSO Login URI”
AND WHEN I try to pick account “it-admin@domain2”
THEN I get an error message: "The username may be incorrect…
INSTEAD I chose “it-admin"at"domain1”
AND WHEN I correctly enter my password
THEN I end up logged into a non-admin account of “It-admin@domain1”
This is because “it-admin@domain2” is not a valid entry in our active directory. We tried adjusting things on our end by reversing the directory entry and alias assignment - but this didn’t work, even after clearing cache / incognito browser settings.
Such that the directory entry is “it-admin@domain2” with an alias for “it-admin@domain1”
Initially When logging in we saw “internal error” messages on Cursor
But the main scenario we faced was as follows:
GIVEN: Clear cache/incognito browser
AND GIVEN: entra directory entry exists for domain2 user
WHEN I sign in as “it-admin@domain2”
THEN I am correctly re-directed to “Microsoft SSO Login URI”
AND WHEN I try to pick account “it-admin@domain2”
AND WHEN I correctly enter my password
THEN I end up logged into a non-admin account of “It-admin@domain1”
Bollacks. I think what happened is that cursor associated the same microsoft SSO token to the two accounts.
At this point I need to login to my “it-admin@domain2 account”
OR
I need Cursor to manually assign “it-admin@domain1” “Admin” permissions.
or some other user in my Team.
PS. I sent an email with the actual domain info to hi@cursor
Cheers,