Problem

The user group is not allowed to log into the Web agent in question

Symptoms

An authenticated user is not allowed to access a web application.

Ubisecure SSO shows the message: Access to the requested resource is denied.
The diag log contains the error: spi.AccessDeniedException: Access to the requested resource is denied.
Ubisecure SSO shows the following message: You have been authenticated but you are not authorized to the requested application.

Select the Web agent in question from the Ubisecure SSO Management application. Add the user's group in the Allowed To list.
Make sure the authentication method used by the user is enabled for the site where the user is located within Ubisecure SSO Management. See the "Site Methods" tab of site where the user is.
Make sure that the user is member of some of the groups specified in the Allowed To list.
Make sure that the authorization policy Single-Value Attribute constraint is met. If there is an attribute name listed under Single Value Attribute, login will not be possible if the authorization policy generates an attribute that has multiple values.
In the example below, the user must have only one phone number.
Make sure that the authorization policy Mandatory Attribute constraint is met. If there is an attribute name listed under Mandatory Attribute, login will not be possible if the authorization policy does not generate an attribute that has that name.
In the example below, the user must have at least one surname attribute.