Help Center/ Virtual Private Network/ Troubleshooting/ Client Connection Failures/ When a User Uses Federated Authentication to Log in to the Client, the Browser Displays the Error Message "The user does not have the vpn:system:loginP2cVpnBySSO permission. Contact the administrator to add the permission."
Updated on 2026-05-14 GMT+08:00
View PDF

When a User Uses Federated Authentication to Log in to the Client, the Browser Displays the Error Message "The user does not have the vpn:system:loginP2cVpnBySSO permission. Contact the administrator to add the permission."

Symptom

When a user uses federated authentication to log in to the client, the browser displays a message indicating that the authentication fails.

Error message: The user does not have the vpn:system:loginP2cVpnBySSO permission. Contact the administrator to add the permission.

Possible Causes

The current user does not have the vpn:system:loginP2cVpnBySSO permission.

Procedure

Contact the administrator to add the VPN SSOAccessPolicy permission. The procedure is as follows:

  1. Log in to the management console.
  2. Click in the upper left corner and select the desired region and project.
  3. Click in the upper left corner of the page, and choose Management & Governance > Identity and Access Management.
  4. Choose User Groups from the navigation pane.
  5. Click Authorize in the Operation column of the created user group.
  6. In the search box in the upper right corner, search for VPN SSOAccessPolicy and select it.
  7. Click Next and select the authorization scope as required.
  8. Click OK.