Block user logon when user info doesn't meet condition

Which IIQ version are you inquiring about?

8.3

Share all details about your problem, including any error messages you may have received.

The customer requires that, when a user logs on, we check the user info to confirm the user is not a vendor; if the user doesn't meet the condition, the logon is blocked. Could we use a plugin for this requirement, or do we need to modify loginInclude.xhtml?

I have tried to use a plugin: document.getElementById('loginForm:loginButton') from the console window gives no output.

We use Microsoft Active Directory for pass-through authentication.

Please help, thanks

Hi @davihsu,

There is no direct way to do this. Having said that, if you are using pass-through authentication, you may use the application's correlation rule to prevent the user's login by checking whether the user is invalid.

Also, for the above use case you have to make sure it does not disrupt your normal application account correlation.

Thanks

Could you explain in more detail “you may use application’s correlation rule to prevent user’s login by checking if the user is invalid”? Do you mean that the rule returns something when the user finishes AD auth?

Hi @davihsu,

@ashutosh08 is referring to this point of the login configuration:


So if the account is correlated correctly, the user can access; otherwise not.

@ashutosh08 correct me if I’m wrong

Also, if you use SSO for login, you can use the related rule; you can find the guide here:
https://community.sailpoint.com/t5/Technical-White-Papers/IdentityIQ-Login-Configuration/ta-p/76904

If the account is manually correlated to an identity, what will happen?

Hi @davihsu,

What @enistri_devo has mentioned is correct. As per my understanding, your rule should be evaluated to get the identity in all cases. You may try to configure it and let us know your observations if there is any deviation.

Thanks

Thanks, I will try it
