After enabling SAML integration for an organization, all users are unable to login. They may face a 400 Server Error in the browser.
This can happen if the SAML integration is misconfigured. In this scenario, you will need to get back into Control Hub and either re-configure or disable SAML integration for the time being to allow access to other users before further troubleshooting.
The mechanism to get back into Control Hub in this situation is explained in the following excerpt, taken from our Control Hub documentation:
However, if the IdP is incorrectly configured within Control Hub, users will not be able to log in using SAML authentication. Users with the Organization Administrator role can use their Control Hub credentials to log into an administrative login page to re-enable access to Control Hub.
As an organization administrator, use one of the following URLs to log in to Control Hub using your Control Hub credentials:
- For Control Hub cloud, use
- For Control Hub on-premises, use the URL provided by your system administrator. For example,
In the login page, enter your user ID and password for your Control Hub account.
NOTE: Once you have logged back into Control Hub as an org admin via the link mentioned in the excerpt, you can check why the SAML logins were failing by viewing the Login Audit, available in SCH at 'Administration' -> 'Login Audit'