# Group SAML and SCIM troubleshooting **(SILVER ONLY)**
These are notes and screenshots regarding Group SAML and SCIM that the GitLab Support Team sometimes uses while troubleshooting, but which do not fit into the official documentation. GitLab is making this public, so that anyone can make use of the Support team’s collected knowledge.
Please refer to GitLab's [Group SAML](../../user/group/saml_sso/index.md) docs for information on the feature and how to set it up.
When troubleshooting a SAML configuration, GitLab team members will frequently start with the [SAML troubleshooting section](../../user/group/saml_sso/index.md#troubleshooting).
They may then set up a test configuration of the desired identity provider. We include example screenshots in this section.
## SAML and SCIM screenshots
This section includes relevant screenshots of the following example configurations of [Group SAML](../../user/group/saml_sso/index.md) and [Group SCIM](../../user/group/saml_sso/scim_setup.md):
-[Azure Active Directory](#azure-active-directory)
-[OneLogin](#onelogin)
CAUTION: **Caution:**
These screenshots are updated only as needed by GitLab Support. They are **not** official documentation.
If you are currently having an issue with GitLab, you may want to check your [support options](https://about.gitlab.com/support/).
## Azure Active Directory
Basic SAML app configuration:
![Azure AD basic SAML](img/AzureAD-basic_SAML.png)
User claims and attributes:
![Azure AD user claims](img/AzureAD-claims.png)
SCIM mapping:
![Azure AD SCIM](img/AzureAD-scim_attribute_mapping.png)
@@ -265,6 +265,10 @@ Specific attention should be paid to:
- The presence of a `X509Certificate`, which we require to verify the response signature.
- The `SubjectConfirmation` and `Conditions`, which can cause errors if misconfigured.
### Verifying configuration
For convenience, we've included some [example resources](../../../administration/troubleshooting/group_saml_scim.md) used by our Support Team. While they may help you verify the SAML app configuration, they are not guaranteed to reflect the current state of third-party products.
### Verifying NameID
In troubleshooting the Group SAML setup, any authenticated user can use the API to verify the NameID GitLab already has linked to the user by visiting [https://gitlab.com/api/v4/user](https://gitlab.com/api/v4/user) and checking the `extern_uid` under identities.