I am having difficulty administering for one of our organisations users.
We currently use ChatGPT Enterprise with SSO enabled (not sure if this is relevant here but ill put it in here anyway).
The user in question requires API keys to be integrated to his IDE, and thereby the involvement of the OpenAI platform. I was created as an owner in the portal by my Manager, we have successfully invited him to join, but when he does, it outputs this error after he inputs his credentials:
Route Error (400 ): {
“error”: {
“message”: “You tried signing in as \“username@domain\” using a password, which is not the authentication method you used during sign up. Try again using the authentication method you used during sign up.”,
“type”: “invalid_request_error”,
“param”: “auth0|username@domain”,
“code”: “identity_provider_mismatch”
}
}
Exact steps taken by user:
Opened invitation via Outlook to join OpenAI
Input credentials via the regular sign in on frontpage
Input code sent to his email as requested
Output message from OpenAI with error message above
At this time, I have attempted the following steps to troubleshoot:
Removed user from Platform org and re-invited multiple times
User attempted SSO login via Microsoft (fails: “account does not exist”)
User attempted password login (fails: identity_provider_mismatch)
User attempted login from multiple devices, networks, browsers, incognito
Any assistance here will be appreciated. Thank you!
I can’t directly answer with any solution, but I do know there’s some trixy stuff that has been reported in the forum before regarding ChatGPT Enterprise.
You don’t state the existing OpenAI account status of your invitee, or if they have a personal email. “Opened by Outlook” doesn’t necessarily mean your email domain is by Microsoft 365 that could be interchanged with Microsoft authentication login.
Some seen behaviors, that are not clearly “ChatGPT Enterprise” vs “Enterprise API” in my recollection: If you are inviting a user that is in your domain, i.e. their email is alice@your_company.com and that is also your OpenAI “Enterprise”, the invites go out and try to connect in a way that also employs your ChatGPT Enterprise. It could cause a problem with data loss and takeover of a personal subscription. Then another issue is automatic recognition of a domain and creation of seats just when someone signs up on their own. That behavior may transfer to API invites?
If they already have a OpenAI user login with personal data or organizations using your domain, that may conflict with some kind of forced Enterprise authentication.
If the issue is pinned to the company domain email address, you could issue a new Outlook email that has no prior connection by OpenAI to the user and no account. Then they could go through the invite flow and create the reader account anew that will have the organization. The workaround that you’d probably already know as obvious.
If they appear in your “people” and everything looks good on your end, the end-user could see if their user/pass account was migrated to authentication service login if it was merely a Microsoft consumer email account.
Hope some random thoughts and some links gets you somewhere. We don’t see much posting from those that have their own OpenAI rep in their service contract.
I’ve seen this issue with Auth0 and SSO setups before. The “identity_provider_mismatch” error usually means the user signed up with a different method (like Google or Microsoft) and is now trying to log in with a password. To fix this, have OpenAI support reset the user’s identity provider on their backend, as re-inviting alone might not work. Also, make sure the user logs in through your organization’s SSO link instead of the default login page. Thanks for sharing the steps; they help narrow down the issue.
Thank you @rawatkritika for guiding the user in the right direction & @_j for helping here.
@Daniel_Kim1 , Our developers our correct we might need to reset a few things and check the user’s connection with your org. This might require for us to take down some details and so I request you to please open a support request with us at support@openai.com and make sure to include your forum username so I can track it and provide us the case id or subject line here to make things easier. Once we have the request, i will make sure to get it sorted for you.
Finally, thanks @Foxalabs for getting this highlighted to us. Appreciate all the help community members
Hi Foxalabs, I am currently unable to verify whether we do have an accounts manager. I am representing our ICT team, and have also sent this across to support. Thanks
