search

SSO Disabled Post Management Plane Upgrade

hashtag
Problem

  • SSO appears disabled in the UI after upgrading the PCD management plane, but the backend SSO configuration is functioning correctly.

hashtag
Environment

  • Private Cloud Director - till v2026.6-159

  • Self-Hosted Private Cloud Director - till v2026.6-159

  • Component: SSO

hashtag
Cause

  • After upgrading from the FEB release to the APR release, the "Enable SSO" flag appears disabled in the Enterprise SSO UI section, even though SSO is actually configured and functional (e.g., SAML group details are visible).

  • The issue occurs because the signing attribute is not included when creating the SSO config, and fetching it later from Consul fails. As a result, the UI treats the SSO setup as incomplete and displays the "Enable SSO" flag as disabled. The bug was tracked in PCD-2029 and is now fixed with v2025.7-47 and above releases.

hashtag
Diagnostics

  • After upgrading the PCD management plane, navigate to Settings > Enterprise SSO in the user interface. The SSO feature will be disabled following the upgrade.

hashtag
Workaround

circle-info

For PCD (SaaS) users, the platform9 support team will apply the steps below. Please open a Support Ticketarrow-up-right.

For Self-Hosted PCD users, perform the steps below from the management plane cluster.

  1. Install consul CLI, refer this documentationarrow-up-right.

  2. Get hagrid deployment configuration.

  1. Search inside the hagrid-deployment.yaml file for below variables.

    1. CONSUL_HTTP_ADDR

    2. CONSUL_HTTP_TOKEN

    3. CUSTMOR_ID

  2. Export values into current shell session.

  1. Once the environment is configured, run the following command to store the signing flag.

hashtag
Validation

  • Navigate to Settings > Enterprise SSO in the user interface. The SSO feature will be enabled.

PreviousUnable to Reconfigure SSO in PCD UI Using the Same Entity IDNextVMHA Fails to Work When Host Loses Connection to Shared Storage

Last updated