KNOWLEDGE BASE

SAML Login Fails With "User account not found" Error After Upgrading Tableau Server


Published: 30 Aug 2023
Last Modified Date: 02 Oct 2023

Issue

The SAML login fails with the following error after upgrading Tableau Server to the affected versions:
 
Unable to Sign In
User account not found.
For help, contact your Tableau Server administrator.

Environment

  • Tableau Server 2021.4.20
  • Tableau Server 2022.1.16
  • Tableau Server 2022.3.8
  • Tableau Server 2023.1.4

Resolution

Perform the following steps to make Tableau Server ignore the domain portion of the username when matching users. The flag set in Step 3 is available only in the upgraded versions listed in Step 1. See the Additional Information section of this article to decide whether this solution is the correct one for your organization.

1. If your version is one of the affected versions, upgrade to Tableau Server 2021.4.21+, 2022.1.17+, 2022.3.9+, or 2023.1.5 or later.

Beginning in Tableau Server versions 2021.4.21, 2022.1.17, 2022.3.9, and 2023.1.5, you can configure Tableau Server to ignore the domain portion of the username attribute when matching the identity provider (IdP) user name to a user account on Tableau Server. For example, the username attribute in the IdP might be alice@example.com to match a user named alice in Tableau Server. Ignoring the domain portion of the username attribute might be useful if you already have users defined in Tableau Server that match the prefix portion of the username attribute but not the domain portion of the username attribute. 

2. If Identity Service is enabled, change to the legacy identity store mode.
Identity Service is enabled if the following parameter value is false:

tsm configuration get -k wgserver.authentication.legacy_identity_mode.enabled

Run the following command to enable the legacy identity store mode:

tsm authentication legacy-identity-mode enable

3. Set the following parameter to ignore the domain portion of the username attribute.

tsm configuration set -k wgserver.ignore_domain_in_username_for_matching -v true
tsm pending-changes apply

 

Cause

Starting with Tableau Server 2021.4.20, 2022.1.16, 2022.3.8, or 2023.1.4, the domain portion of the username attribute must also match when the identity provider (IdP) user name is compared to a user account on Tableau Server.

Additional Information

The Tableau Online Help topic on ignoring the domain when matching the SAML username attribute includes an important note:

We do not recommend ignoring the domain name without taking precautions. Specifically, verify that user names are unique across the configured domains that you've created in your IdP. Configuring Tableau Server to ignore the domain name has the potential to result in unintended user sign-in. Consider the case where your IdP has been configured for multiple domains (e.g., example.com and tableau.com). If two users with the same first name, but different user accounts (e.g., alice@tableau.com and alice@example.com) are in your organization, then you could have a mapping mismatch.
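
The uniqueness check recommended in the note above, as an added example that is not part of the original article or of Tableau's tooling: it groups IdP username attribute values by prefix and reports prefixes that occur under more than one domain, plus prefixes with no Tableau Server account. The sample lists and function names are constructed; splitting at the last "@" and comparing case-insensitively are assumptions about how the matching behaves.

```python
from collections import defaultdict

# Constructed sample data (not from a real IdP or Tableau Server).
SAMPLE_IDP_USERNAMES = [
    "alice@example.com",
    "alice@tableau.com",   # same prefix, different domain
    "Bob@example.com",
    "bob@example.com",     # duplicate entry differing only in case
    "carol@tableau.com",
    "dave",                # attribute value with no domain portion
]
SAMPLE_SERVER_USERS = ["alice", "bob", "carol"]


def split_username(value):
    """Return (prefix, domain); assumes the domain follows the last '@'."""
    value = value.strip()
    prefix, sep, domain = value.rpartition("@")
    return (prefix, domain) if sep else (value, "")


def audit(idp_usernames, server_users):
    """Find prefixes that are ambiguous, or match nobody, once the domain is ignored."""
    domains_by_prefix = defaultdict(set)
    for raw in idp_usernames:
        prefix, domain = split_username(raw)
        if prefix:
            # Assumption: matching is case-insensitive.
            domains_by_prefix[prefix.casefold()].add(domain.casefold())
    known = {u.casefold() for u in server_users}
    return {
        # Prefix seen under several domains: distinct IdP identities would
        # all resolve to the same Tableau Server account.
        "ambiguous": {p: sorted(d) for p, d in domains_by_prefix.items() if len(d) > 1},
        # Prefix with no Tableau Server account to match against.
        "unmatched": sorted(p for p in domains_by_prefix if p not in known),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_IDP_USERNAMES, SAMPLE_SERVER_USERS)
    for prefix, domains in report["ambiguous"].items():
        print(f"AMBIGUOUS {prefix}: {', '.join(domains)}")
    for prefix in report["unmatched"]:
        print(f"UNMATCHED {prefix}")
```

Run it against an export of the IdP username attribute and the Tableau Server user list before setting the flag in Step 3; an empty "ambiguous" result is the precondition the note describes.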