Hide "login.jsf" page

Which IIQ version are you inquiring about?

8.4

Issue Summary

We are completely password-less when logging into our IdentityIQ environments. For security reasons, we now want to hide the password login page in our production environment. This question may be a Tomcat question, but I do want to check and see if there is an OOTB feature that accommodates this. If you visit the link:
https://[iiq-hostURL]/identityiq/login.jsf?prompt=true, it will always prompt for a password. When you visit the ``https://[iiq-hostURL]/identityiq/login.jsf` page, it will use the SSO method that we have configured.

Desired Result

Password login page disabled. The only way to re-enable (for a breakglass incident response scenario) is by modifying a config file or similar mechanism on a server level.

Hi @acrumley

Did you get chance to look at below relevant topics for your scenarios:

Login page directly when Single Sign-On is configured - IdentityIQ (IIQ) / IIQ Discussion and Questions - SailPoint Developer Community

Other useful links:
Pass-through authentication and single sign-on - Compass

SSO Configuration

IdentityIQ Login Configuration - Compass

Solved: Index.tml - Welcome Page - Temporarily Disable Login Page - Compass

Hello @acrumley

See if this helps

These are great resources thank you.

Tried the solutions in there. I ran into the same issue as this user who attempted the web.xml config update, but it did not work:
Unable to disable SSO bypass URL http:///spt/login.jsf?prompt=true - IdentityIQ (IIQ) / IIQ Discussion and Questions - SailPoint Developer Community

I made sure to query the specific host I was changing, but there was no change. When I tried to remove those two init entries completely, it definitely messed up. The one solution I didn’t try was the URL filter. Kind of a bummer that you have to go to that depth to hide the page.