Users Who Are Authenticated Using Agile Controller SSO Cannot Access Network Resources

User objects of the R&D and marketing employees do not exist.

Possible causes and the troubleshooting procedure are as follows:

1. The Agile Controller is incorrectly configured.

   Check the Agile Controller configuration. The parameter settings of the Agile Controller must be consistent with those on the FW.

2. The number of online users reaches the upper limit.

   Choose Object > User > Online User and check whether the number of online users reaches the upper limit.

User objects of the R&D and marketing employees exist.

Possible causes and the troubleshooting procedure are as follows:

1. User objects of the R&D and marketing employees are locked out.

   Choose Object > User > Online User and check for the user objects that are locked out. If the user objects of the R&D and marketing employees are locked out, unlock them.

2. The R&D and marketing employees are new users and have been added to the group to which permissions are incorrectly specified.

   Choose Object > User > Authentication Domain of the User and find the temporary group used for Agile Controller SSO. Then use the temporary group to search for security policies that reference this group and verify that the security policies and profiles do not block the traffic from the R&D and marketing employees.

3. The security policy is incorrectly configured.

   Choose Policy > Security Policy > Security Policy, use the user names of the R&D and marketing employees to search for all security policies that reference the user objects, verify that the security policies and profiles do not block the traffic from the R&D and marketing employees.

   Choose Monitor > Log > Policy Matching Log, enter the user names or source addresses of the R&D and marketing employees to search for all matched security policies, and verify that the security policies and profiles do not block traffic from the R&D and marketing employees.