- From Entitlements select the entitlement that shows the "Entitlement contains at least one invalid policy" warning
- Select the "Access Request Policies"
- Click on the Access Request Policy and ensure the "Session Settings" refer to a valid SPS Connection Policy
The SPS Connection Policy settings on SPS should be as below:
- Must be inband destination
- Require web gateway authentication must be unchecked
- Authentication policy
○ Keyboard Interactive must be true and password authentication must be true
- Must reference the SGAA AA plugin
- Must reference the SGCredstore plugin
- Must be set to "Inband destination selection"
- Require "Require Gateway Authentication on the SPS Web Interface" must be unchecked
- The referenced "AA plugin" must be set the SGAA plugin
- The referenced "Credential Store" must be set to External Plugin SGCredStore
- The referenced "RDP settings", must have "Enable Network Level Authentication" ticked, and "Require domain membership" unticked.