The scenario is as follows:

• user is attempting to access the WebUI, logging in via SAML2
• the user has previously logged in via FBA, or currently has an FBA identity
• FBA password expiry is configured for the system

In this situation, when the user attempts to log in, their FBA identity is triggering the password expiry warning prior to accessing the external authentication server:

There are two possible ways to work around this problem:

• Have them change their FBA password, thus resetting their password expiry countdown
• Remove their FBA user and password from the database

Removing the FBA user details from the database can be done as follows:

• Ensure nobody is using Ideagen Internal Audit (Aura)
• Back up the database, and ensure the backup is valid
• Run the following SQL, editing the first line so that the correct UPN is specified:
  

  DECLARE @UserToDelete NVARCHAR(200) ='YourUser@domain.com';
  DELETE FROM webpages_Membership WHERE USERID = (SELECT UserId FROM Users WHERE UserName = @UserToDelete);
  DELETE FROM Users WHERE UserName = @UserToDelete;