Extern UID is already taken
while using SAML to log in
Description
- When attempting to log in with SAML, a user reports the error "Extern UID is already taken".
Environment
-
This indicates that the SAML identity the user is attempting to configure is already taken by another GitLab user account.
-
Often, this is another user account that belongs to the same user.
-
Impacted offerings:
- GitLab.com
- GitLab Dedicated
- GitLab Self-Managed
-
Impacted versions:
- All
Solution
- Log in to the other (incorrect) GitLab user account. You may need to reset the password
- Visit https://gitlab.com/-/profile/account
- Locate the SAML provider in the "Service Sign-in" Section
- Click "Disconnect"
- Log out
- Log back in to the account that should be using the SAML provider. You may need to reset the password
- Visit the SSO URL for your group, and log in
- Click "Authorize"
Unlinking and linking SAML via this method can resolve most SAML-related problems.
GitLab.com group owners or Self-managed GitLab instance administrators can also update a user's extern_uid
using the SAML API.
Cause
This indicates that the SAML identity the user is attempting to configure is already taken by another GitLab user.