SAML Error || Account not provisioned

I have activated the SSO/SAML app and after that I can’t log in to Nextcloud Admin using the local account.
The error message appears: "Account not provisioned. Your account is not provisioned, access to this service is thus not possible."

How can I deactivate it or go back to logging in with my local account?

Any support is appreciated.

I’m not an expert, but if you can log into the terminal:

sudo -u www-data php /var/www/nextcloud/occ app:disable user_saml

https://docs.nextcloud.com/server/12/admin_manual/configuration_server/occ_command.html#apps-commands-label


Hi,

I am getting the same issue, but I don’t want to disable it. Is there any way to use my own IdP? I mean, I have my own IdP page; can I redirect the user to this page? If yes, then please help me out. Also, the SSO & SAML authentication tab provides limited options. Kindly find the screenshot:

Can I have any update on this?

I ran into the same issue; it appears the ability to select the SSO type in the user interface is broken. This results in Nextcloud looking for an environment variable from some external SSO framework, which it won’t find, hence giving the ‘not provisioned’ error. What worked for me was running:

UPDATE oc_appconfig SET configvalue='saml' WHERE appid='user_saml' AND configkey='type';

in the mysql backend. After that, I could configure SAML as expected.

The configvalue is already set to ‘saml’ but I’m still having the same issue.

Just for the sake of documentation and the rare chance that someone else runs into this:

If the SAML server sends back a SAMLRequest that fails the User_SAML plugin’s validation process, rather than showing that validation error, it just proceeds as if it hadn’t received ANY attributes back from the SAML response.

Why? I don’t know. But, in my case, my SAML server was setting an incorrect “Destination” value in the SAMLResponse. So, even though it was redirecting to the correct ACS endpoint, the validation failed. So, the User_SAML plugin would see an empty set of attributes. So, when it would go to look up a user account, it would fail. Hence, “Account Not Provisioned.”

I had to dig into the OneLogin SAML2 code to figure this out…
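Added example, not part of the original posts and not Nextcloud or OneLogin code: a small diagnostic for the Destination mismatch described above, which compares the `Destination` and `Recipient` values in a captured SAMLResponse against the ACS URL and lists the attributes the IdP actually sent. The ACS URL, the sample response and the exact-string comparison are constructed assumptions; the real validator may compare differently.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed values: the ACS URL the SP is configured with, and a sample response.
ACS = "https://cloud.example.com/index.php/apps/user_saml/saml/acs"
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="http://cloud.example.com/index.php/apps/user_saml/saml/acs">
  <saml:Assertion>
    <saml:Subject><saml:SubjectConfirmation>
      <saml:SubjectConfirmationData
          Recipient="https://cloud.example.com/index.php/apps/user_saml/saml/acs"/>
    </saml:SubjectConfirmation></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="uid"><saml:AttributeValue>alice</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="mail"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

def _parse(saml_response_b64):
    # Diagnostic only: no signature check, so never trust the result for login.
    return ET.fromstring(base64.b64decode(saml_response_b64))

def destination_problems(saml_response_b64, expected_acs):
    """List Destination/Recipient values that differ from the SP's ACS URL."""
    root = _parse(saml_response_b64)
    problems = []
    dest = root.get("Destination")
    if dest is not None and dest != expected_acs:
        problems.append(f"Destination {dest!r} != ACS {expected_acs!r}")
    for scd in root.iterfind(".//saml:SubjectConfirmationData", NS):
        rcpt = scd.get("Recipient")
        if rcpt is not None and rcpt != expected_acs:
            problems.append(f"Recipient {rcpt!r} != ACS {expected_acs!r}")
    return problems

def attribute_names(saml_response_b64):
    """Attribute names the IdP actually sent, regardless of validation."""
    return [a.get("Name") for a in _parse(saml_response_b64).iterfind(".//saml:Attribute", NS)]

if __name__ == "__main__":
    print(destination_problems(SAMPLE_B64, ACS))
    print(attribute_names(SAMPLE_B64))
```

In the sample the attributes are present in the XML, but the `http://` Destination does not match the `https://` ACS URL, which is the situation where the login would end in "Account not provisioned" as described above.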

Hi Garrett. I have the same issue. Can you clarify how you fixed it?

same issue