---
descriptions:
  authentication_errors:
    connection_ids: >
      A list of SSO [connection](/reference/sso/connection) IDs that the user is
      required to authenticate with. One of these connections must be used.
    optional_pending_authentication_token: >
      A token that should be used to complete the authentication with the
      `authorization_code` grant type after this error occurs.


      This may be `null`, which indicates that no pending authentication token
      needs to be passed to the authenticate call.
reference:
  json:
    - key: sso_required_error
      id: sso_required_error
      url: /reference/authkit/authentication-errors/sso-required-error
      title: sso_required
      properties:
        - key: error
          type: '"sso_required"'
          description: (authentication_errors.code)
        - key: error_description
          type: string
          description: (authentication_errors.message)
        - key: email
          type: string
          description: (authentication_errors.email)
        - key: connection_ids
          type: array
          description: (authentication_errors.connection_ids)
        - key: pending_authentication_token
          type: string
          optional: true
          description: (authentication_errors.optional_pending_authentication_token)
originalPath: >-
  .tmp-workos-clone/packages/docs/content/reference/authkit/authentication-errors/sso-required-error.mdx
---

## SSO required error

This error indicates that a user attempted to authenticate into an organization that requires SSO, but used a different authentication method. It includes a list of SSO connections that may be used to complete the authentication.

<CodeBlock
  title="SSO required error"
  referenceId="sso_required_error"
  file="sso-required-error"
/>

When this error occurs, you’ll need to use one of the SSO connections from the error to [get the authorization URL](/reference/authkit/authentication/get-authorization-url) and redirect the user to that URL to complete the authentication with the organization’s identity provider.
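
The handling described above, as an added example (not WorkOS code): it validates the error body, only allows a connection listed in `connection_ids`, and carries `pending_authentication_token` forward only when it is not `null`. The `getAuthorizationUrl` callback, the sample payload, and the parameter names in `authenticateParams` are assumptions made for illustration.

```javascript
// Added example, not WorkOS code. Sample payload is constructed for illustration.
const sampleError = {
  error: "sso_required",
  error_description: "SSO is required for this organization.", // constructed text
  email: "user@example.com",
  connection_ids: ["conn_EXAMPLE_A", "conn_EXAMPLE_B"], // placeholder IDs
  pending_authentication_token: null,
};

// Validate the error body; returns null when it is not an sso_required error.
function parseSsoRequired(body) {
  if (!body || body.error !== "sso_required") return null;
  const ids = body.connection_ids;
  const usable = Array.isArray(ids) && ids.length > 0 &&
    ids.every((id) => typeof id === "string" && id.length > 0);
  if (!usable) throw new Error("sso_required error has no usable connection_ids");
  return {
    email: body.email,
    connectionIds: ids,
    pendingAuthenticationToken: body.pending_authentication_token ?? null,
  };
}

// Pick the connection and build the redirect. `getAuthorizationUrl` is a
// hypothetical caller-supplied wrapper around the "get authorization URL" call.
function buildSsoRedirect(body, getAuthorizationUrl, requestedId) {
  const parsed = parseSsoRequired(body);
  if (!parsed) return null;
  const connectionId = requestedId ?? parsed.connectionIds[0];
  // Only connections named in the error may be used, never an arbitrary ID.
  if (!parsed.connectionIds.includes(connectionId)) {
    throw new Error("connection is not in the error's connection_ids");
  }
  return {
    redirectUrl: getAuthorizationUrl(connectionId),
    // Keep server-side (e.g. in the session) for the callback step.
    pendingAuthenticationToken: parsed.pendingAuthenticationToken,
  };
}

// Parameters for the later authorization_code authenticate call (assumed names).
function authenticateParams(code, pendingAuthenticationToken) {
  const params = { grant_type: "authorization_code", code };
  if (pendingAuthenticationToken !== null) {
    params.pending_authentication_token = pendingAuthenticationToken;
  }
  return params;
}
```

Rejecting a requested connection ID that is not in the error keeps a client-supplied value from steering the redirect to a connection the organization did not require.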
