This article summarizes common errors and causes for being unable to sign in to Pendo, and provides guidance on how to resolve these issues.
Product area: Pendo UI > app.pendo.io (US), app.eu.pendo.io (EU), app.jpn.pendo.io (JP), and us1.app.pendo.io (US1) (web)
Common causes of sign-in issues
This section summarizes common causes of sign-in issues and guidance on avoid or resolve them.
Incorrect details
Misspelling your username or domain can cause a sign-in error. Verify the spelling of your username and try again.
Sign-in errors also occur if you attempt to sign into the wrong subscription. If you belong to multiple subscriptions, check that you're in the right one. Locate the specific subscription in your switcher list. If you can't find the correct subscription, contact an admin user within that particular subscription to request a new invitation.
Ad blockers
Ad blockers are plug-in extensions that you can add to browsers to prevent advertisements, such as pop-up guides, from displaying on websites. Ad blockers can also disrupt the sign-in process for certain applications. To ensure a smooth sign-in experience, turn off ad blockers in your browser or add exceptions. When using a private or incognito window, most extensions are turned off by default.
Bad cache
Occasionally, your browser's cache can become corrupted, causing issues with navigating and loading different sites. Using an incognito or private window can assist in identifying if this is an issue. To resolve this, consider clearing your cache and try to log in again.
Invitation error messages
This section summarizes solutions to some errors that you might receive in specific circumstances, including:
422 invalid invitation key
This error appears if an invitation to a Pendo subscription has already been accepted or if you mis-entered the invitation link into your browser. If you haven't already accepted the invite, try re-entering the invitation into your browser.
If this doesn't work, request your company's Pendo admin to resend a new invitation. Only Pendo admin users on the account can resend new invites. You have 72 hours to accept any new invitation before it expires.
400 invitation expired
Upon being invited to a Pendo subscription by an admin user, you receive an email notification.
If you're not the first admin user of a subscription
Your email invitation to a Pendo subscription has a 72-hour expiration period, which means you have 72 hours to accept the invite before it becomes invalid. If you don't open the invite within the 72-hour expiration period, you receive an error message stating that your invitation has expired.
To address this issue, request your company's Pendo admin to resend a new invitation. Only Pendo admin users on the account can resend new invites.
If you're a first admin user of a subscription
The first user of a Pendo subscription is always an admin. This admin user may or may not already belong to another Pendo subscription, either as an admin or other Pendo user.
When a Pendo subscription is created using your email address as the first admin, you receive an email notification. If you're already a user of another subscription, the email invites you to the new subscription. If you aren't already a user of another subscription, the email prompts you to set up your password. The email invitation to create your password has a 24-hour expiration period.
This means you have 24 hours to accept the invitation before it becomes invalid. If you don't open the invite within the 24-hour expiration period, you receive an error message stating that the invitation has expired. If the expiration period passes:
- Existing users who can sign in to a different Pendo subscription using the same email address can sign in to their existing account and then switch to the new subscription using the subscription picker in the bottom-left corner of Pendo.
- Users that have never used their email to sign in to a Pendo subscription before can start the sign-in process again. Enter your email, select Next, and then select Forgot Password. Follow the instructions in the subsequent email to set up your password.
Unauthorized
When using Security Assertion Markup Language (SAML) SSO or Google login, a user must first be added to their Identity Provider (IdP) and receive an invitation to Pendo before attempting to sign in to Pendo. Confirm that your subscription admin invited you to the correct subscription and that you've accepted the invitation. The email address used in the assertion for the username must match what Pendo defines with your organization's SAML SSO administrator.
It might also be that the domain the user attempts to sign in to isn't associated with a SAML provider and the subscription enforces SAML. Ensure that the domain is associated with a SAML provider.
Emails quarantined by Microsoft Defender
If you're unable to receive password reset or account invitation emails from Pendo, this might be because Microsoft Defender sometimes flags emails containing links to Pendo as “High Confidence Phishing”. If you’re using Microsoft Outlook or Exchange as your email provider, your company's IT system might block these emails, preventing them from reaching your inbox.
To resolve this issue, your IT system administrator must release the emails from quarantine and add the email sender to the allowlist so that you can receive these emails. They can read about how to accomplish this through Microsoft’s documentation on how to Manage quarantined messages and files as an admin.
We also recommend that your IT system administrator reports the email as safe to help Microsoft identify and reduce false positives in their email detection system. They can learn how to do this through Microsoft’s How to handle Legitimate emails getting blocked (False Positive), using Microsoft Defender for Office 365.
If you’ve taken an action that would result in receiving an email and the email isn't in your IT system administrator’s email and collaboration quarantine, contact Pendo Support.
User doesn't exist in the subscription
If you haven't been added as a user in your subscription, attempting to sign in will result in an "email and password is invalid" error. This occurs because you are trying to sign in with a username and password that haven't been invited to the subscription by an admin on the account.
If you're confident that you're a valid user, select the "Forgot my password" button on the password page to receive a password reset link in your email. If you don't receive an email after an hour and you've checked your spam folder, it likely means your username wasn't added to the account. Contact the admin user on the account to ask them to add you to the subscription.
If the invite email was resent, and you haven't received the email, it could be that your email is on the suppression list. Request the admin on the account to open a ticket with Pendo Support to have your email removed from the suppression list.
Issues with SAML SSO
This section provides troubleshooting guidance for issues with SAML SSO. For information about SAML SSO, see Set up SAML SSO.
SSO button on the password page doesn't work
Until SAML is set as required, users can sign in with the SSO button on the password page. If the SSO button doesn't work, SAML might not be fully configured for your subscription yet.
If your subscription has already been configured for SAML, confirm that your access hasn't changed with the SAML SSO administrator at your organization and that ad blockers aren't interfering with the sign-in flow.
If your subscription has SAML, your user profile is still active, and the SSO button still doesn't work, contact Pendo Support.
The SSO button isn't on the password page
If SAML has been configured, but you've not been invited to Pendo, you won't see the SSO button. SAML must be configured for your subscription and the domain of the email address used in the user ID must be known to Pendo.
If your SAML configuration doesn't require SAML to sign in, you might be able to use your user ID and password instead.
If SAML is enforced, you bypass the password page and no longer need to use the SSO button. The SSO button is typically only visible when testing whether SAML is set up correctly or an ad blocker is interferring.
Contact Pendo Support if you need SAML configured for the domains for the subscription.
The “Sign In with Google” button doesn't work
If you use Google as your SAML provider, the Sign In with Google button is for OAuth access to Pendo using your Google credentials.
OAuth is not the same as SAML and is mutually exclusive. You must sign in using the Google application (IdP-initiated) or enter your email address to be redirected to your Google SAML login page.
If you prefer to use the Sign In with Google button, contact Pendo Support to have your login method changed to require Google OAuth SSO instead of SAML.
"Unauthorized" error page when I use IdP-initiated login
The domain of the email address used in the Visitor ID must be known to Pendo. Pendo confirms that the domain of the Visitor ID is on a list of allowed domains for that subscription, in addition to authenticating the user with the SAML response.
The user must be added to Pendo as well as the IdP. Check that your subscription administrator invited you to the subscription and that you accepted the invitation.
Additionally, the email address used in the assertion for the user name must match what's defined in Pendo. Check that your access hasn't changed and that the name matches what's defined in Pendo with the SAML SSO administrator at your organization.
Another possibility is that the domain that the user is attempting to sign in to isn't associated with a SAML provider and the subscription requires SAML. For more information, see Verify your domain.