![Logo- Basic (1).png]](https://help.wellioeducation.com/hs-fs/hubfs/Logo-%20Basic%20(1).png?height=30&name=Logo-%20Basic%20(1).png){kind=logo}
💡 Tip: You can test any SSO configuration changes using the test account details you provided to Wellio in the initial setup.
"App Not Configured for User" or "User Access Denied"
What it looks like:
Attempting to sign in shows an access denied screen.
Common cause:
The account hasn’t been assigned to a group that has permission to access the Wellio app.
How to fix it:
- In your identity provider, assign the test user to the Wellio App (via a group)
- If applicable, check for a setting such as "Assignment Required" and disable it to allow broader access
"App Not Enabled for User"
What it looks like:
Attempting to sign in shows an Access Denied screen.
Common cause:
The group that the user themselves is in has not been granted access to the Wellio app in their IDP (Azure/Google/etc.), or access to the Wellio App has been turned off entirely.
How to fix it:
-
In your identity provider, enable the test user account(s) to access the Wellio App
-
If using Google: Go to Wellio App → Settings → User Access → Service Status and set it to ON for everyone
"Malformed Certificate"
What it looks like:
Attempting to sign in shows a Malformed Certificate error.
Common cause:
The SAML Certificate has likely expired. These certificates are usually valid for 3 years and must be renewed before expiration.
How to fix it:
-
In your identity provider, generate and upload a new SAML Certificate to Wellio
User's full name appears blank in Wellio
What it looks like:
After logging in, the user’s first and/or last name is missing from their profile in the Settings page in Wellio.
Common cause:
The SSO claim mapping for names hasn’t been configured correctly, or the identity provider hasn’t stored name values for the user.
How to fix it:
Check your SSO configuration and ensure that the following EXACTLY matches:
-
Microsoft Azure:
- Google:
- Other IDP:
- Email attribute ->
email - First Name attribute ->
first_name - Last Name attribute ->
last_name
- Email attribute ->
Staff are being logged in as students
What it looks like:
-
A teacher ends up in a student view with no classes or admin access.
-
The user says they "used their school account" but it's not working as expected.
Common cause:
The user is signed into their Google Account using SSO with a different email address (e.g. their school or Department email) to their provisioned Wellio email. Google parses the email from the current active SSO session, even if this is different to your Wellio one.
How to fix it:
-
Ask the user to fully log out of their Google/Microsoft account in their browser and try again using the correct school-issued email.
-
If Wellio has them registered under an outdated email, contact Support to update the email address on file.
Teachers can't view student names in the platform
What it looks like:
Teachers can see lesson progress but all student names are missing and are only displaying email addresses.
Common cause:
SSO is not passing through the correct name claims (usually first_name or last_name are missing or empty).
How to fix it:
-
Check your SSO configuration and ensure that the following EXACTLY matches:
-
Microsoft Azure:
- Google:
- Other IDP:
- Email attribute ->
email - First Name attribute ->
first_name - Last Name attribute ->
last_name
- Email attribute ->
Also check that the user account has a first and last name set in your identity provider.
-
Still need help? Please contact support@wellioeducation.com and include:
-
A screenshot of the issue or error
-
A screenshot of your SSO claims configuration