ZTNA Enrollment Failure - IDP config for Organisation cannot be found.

Issue

Users are unable to enroll in Zero Trust Network Access and experience Single Sign-On failures. The enrollment process fails with the specific error message:

IDP config for Organisation OrgID cannot be found.

Environment

• Secure Access

• Recent changes: Identity and group configuration modifications in Secure Access

• Authentication method: SAML configuration

Resolution

“IDP config for Organisation OrgID cannot be found” occurs when the tenant (OrgID) does not have an Identity Provider configuration mapped for authentication.

The steps outline the resolution process:

Check SSO Authentication

Access Cisco Secure Access Dashboard.

Navigate to Connect - User and groups. Click Configuration Management.

Under SSO Authentication tab make sure we have it configured.

Follow https://securitydocs.cisco.com/docs/csa/olh/118914.dita on how to configure.

inline_image_0.png

Validate ZTNA Enrollment

After recreating the SSO Authentcation, test the ZTNA enrollment process to confirm that users can successfully enroll and access Zero Trust Access as expected.

Cause

The root cause of this issue was the inadvertent removal or corruption of the SSO authentication method configuration during recent user and group changes in Secure Access.

When the SAML configuration is missing or improperly configured, the system cannot locate the Identity Provider configuration for the specific organization, resulting in the "IDP config for Organisation cannot be found" error during ZTNA enrollment attempts.

Related Content

• Cisco Technical Support & Downloads

Revision History

Revision	Publish Date	Comments
1.0	14-May-2026	Initial Release