A user will report not being able to log in via ADFS. They will be redirected back to their ADFS instance with an error message. The log entry for their authentication request will have the following error message:
Exception Samlr::FormatError during validation at 1496848716: Invalid SAML response: assertion missing
When you decode the assertion, you’ll see all of the necessary metadata, but no user information (example attached). At the very least, an email address is necessary for authentication.
SAML SSO (Professional and Enterprise)
The user has set up their claim rules improperly. Claim rules determine which fields in ADFS are sent to Zendesk as user fields. The "Setting up single sign-on using Active Directory with ADFS and SAML" article walks customers through the process of setting up SSO using just the email address, so if the customer doesn’t do that step properly, no information is sent and the authentication request fails.
Confirm with the customer that they went through Step 2 of the setup doc correctly. Request screenshots of the "choose rule type" screen and the "configure claim rule" screens in the setup wizard to confirm that they have everything set correctly. For example, selecting “Name” for the Outgoing Claim Type instead of “Name ID” is a common error.
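To confirm the diagnosis before asking for screenshots, the decoded response can be checked for the user identifier directly. The script below is an added example, not Zendesk or ADFS tooling: the sample responses are constructed, `adfs.example.com` and the element IDs are placeholders, and treating a Name ID without an "@" as a problem is an assumption based on the email-only setup described above.

```python
import base64
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
NS = {"saml": SAML, "samlp": SAMLP}

def diagnose_saml_response(b64_response):
    """Return a list of problems in a base64-encoded SAML response (POST binding)."""
    raw = base64.b64decode(b64_response)
    if b"<!DOCTYPE" in raw:  # SAML never needs a DTD; refuse entity-expansion input
        raise ValueError("DOCTYPE not allowed in a SAML response")
    root = ET.fromstring(raw)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        if root.find("saml:EncryptedAssertion", NS) is not None:
            return ["assertion is encrypted; decrypt it before inspecting"]
        return ["no Assertion element in the response"]
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    value = (name_id.text or "").strip() if name_id is not None else ""
    if not value:
        # List what the claim rules did send, e.g. a "Name" claim instead of "Name ID".
        sent = [a.get("Name") for a in assertion.iter("{%s}Attribute" % SAML)]
        return ["no NameID in Subject; attributes sent instead: %s" % (sent or "none")]
    if "@" not in value:
        return ["NameID is not an email address: %r" % value]
    return []

def build_sample(assertion_body):
    """Constructed test response; issuer host and IDs are placeholders."""
    xml = ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" ID="_r1" Version="2.0">'
           '<saml:Issuer>http://adfs.example.com/adfs/services/trust</saml:Issuer>'
           '<saml:Assertion ID="_a1" Version="2.0">%s<saml:AuthnStatement/>'
           '</saml:Assertion></samlp:Response>') % (SAMLP, SAML, assertion_body)
    return base64.b64encode(xml.encode()).decode()

NAME_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
NO_CLAIMS = build_sample("")
WRONG_TYPE = build_sample('<saml:AttributeStatement><saml:Attribute Name="%s">'
                          '<saml:AttributeValue>user@example.com</saml:AttributeValue>'
                          '</saml:Attribute></saml:AttributeStatement>' % NAME_CLAIM)
CORRECT = build_sample('<saml:Subject><saml:NameID>user@example.com</saml:NameID>'
                       '</saml:Subject>')

if __name__ == "__main__":
    for label, sample in [("no claims", NO_CLAIMS), ("Name", WRONG_TYPE), ("Name ID", CORRECT)]:
        print(label, "->", diagnose_saml_response(sample) or "ok")
```

A response whose email address arrives as a "Name" attribute rather than in the Subject's NameID points to the wrong Outgoing Claim Type; an assertion with neither points to a claim rule that issues nothing.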