Problem
A user with an HCP (Hashicorp Cloud platform) account linked to an HCP Terraform account is invited to an HCP Terraform organization with SSO enabled.
After accepting the invitation the user is not able to complete the login/authentication process and link their IdP provider e-mail with the HCP Terraform account e-mail, ending up with a 422 error.
Cause
A possible situation when this issue occurs is when the HCP Terraform organization has a team called "SSO" (with capital letters).
The "sso" team (lowercase) is reserved for HCP Terraform.
HCP Terraform creates this team automatically when the first SSO login occurs.
In case the HCP organization has "SSO" team (uppercase), then a conflict will occur and the authentication linking process will end up with a 422 error.
Solution:
You should either delete or rename the "SSO" team (uppercase).
After that, you should be able to complete the authentication/linking of the IdP provider e-mail with the HCP Terraform e-mail.
Additional Information
If you are still not able to solve your issue, please reach out Terraform Cloud support at
tf-cloud@hashicorp.support or submit a ticket via our support portal.