Click Travel

This article is primarily aimed at a technical audience with the ability to make changes to the SSO set up using Azure Active Directory or equivalent systems. If you don't have access, you may need to contact your system admin to help you.

It looks like your team isn't set up for single sign on right now

This error message shows when you cannot access the system with your SSO account. There are two possible reasons this may be:

Your team may not be set up to use SSO. If so <a href="http://help.clicktravel.com/en/articles/4611496-getting-started-setting-up-saml2-sso-access-to-click-travel">this article</a> can help guide you through the initial set up stages

If your team is set up, you may not yet have an account registered for the email address you're trying to use. Click Travel access is controlled by invitations from a team administrator, so you'll need to <a href="https://app.intercom.com/a/apps/pmlmthde/articles/articles/4560763/show" rel="nofollow noopener noreferrer" target="_blank">sign up from the invitation</a> before you can <a href="https://help.clicktravel.com/en/articles/2761044-sign-in-to-click-travel" rel="nofollow noopener noreferrer" target="_blank">sign in using your email address</a>

1. Your team may not be set up to use SSO. If so <a href="http://help.clicktravel.com/en/articles/4611496-getting-started-setting-up-saml2-sso-access-to-click-travel">this article</a> can help guide you through the initial set up stages
2. If your team is set up, you may not yet have an account registered for the email address you're trying to use. Click Travel access is controlled by invitations from a team administrator, so you'll need to <a href="https://app.intercom.com/a/apps/pmlmthde/articles/articles/4560763/show" rel="nofollow noopener noreferrer" target="_blank">sign up from the invitation</a> before you can <a href="https://help.clicktravel.com/en/articles/2761044-sign-in-to-click-travel" rel="nofollow noopener noreferrer" target="_blank">sign in using your email address</a>

Your invitation link is no longer valid

 This message will show when your account has already completed sign up and the same sign up link is pressed. Attempt to sign-in instead, which should work successfully. If it doesn't, you may need an new invitation 

Error messages on your sign in page, showing company branding

Error messages and issues which show on your company's sign-in page, or any page branded with your company's logo, are most likely a fault with the set-up on Azure or your company's equivalent system. Things to check include:

Azure Setup: Ensure your Azure settings match those described in <a href="http://help.clicktravel.com/en/articles/4611496-getting-started-setting-up-saml2-sso-access-to-click-travel">this article</a>: even small changes from this can cause sign-ins to fail. ​ ​Azure Groups: An Azure administrator must assign whichever users and groups you wish to use Click Travel to the Click Travel application on Azure. To do this, add the users individually or in groups under the 'Users and groups' menu item. If you do not do this, users will get an Azure error page when they attempt to sign in like the one below, with a message like: ​ "The signed in user &lt;email.address&gt; is not assigned to a role for the application &lt;application.id&gt; (Click Travel).

If you're a user seeing this message, you need to contact your organisation's Azure administrator to add you to a group which is able to use your SSO identity to sign in to Click Travel. 

Error screen which shows for AADSTS60106 error message - related to users not being correctly assigned to the application on Azure