We have been following the IdentityIQ_System_Configuration document and found the following:
To access the IdentityIQ Login page directly when Single Sign-On is configured, use a supported browser
and enter http:///spt/login.jsf?prompt=true.
Questions:
Does the above URL bypass SSO login?
What if SSO is enabled and somebody has already bookmarked the above direct URL? In that case SSO login will be bypassed; how to enforce SSO login even when the above URL is hit?
How can we restrict it so that, e.g., only spadmin or SailPoint admins have access to the above URL and all other regular users use SSO login?
Yes, it's possible to use both modes (SSO and normal login) for the same environment. For access with normal login you need to configure a pass-through application or have a password set on the SP identity.
You can configure this on the network side: for admins you can redirect to the normal login page, for the others to the SSO page,
but if you suppress the page, you will do it for everyone.
For me the better solution is to activate the SSO and later manage by rule the direct access to SP or whether a user must log in from the mail page.
I suggest you use the SSO for everyone, especially for admins.
Another best practice is that every admin uses their own identity and not the spadmin account.
We have a SAML-based SSO setup, but when I try to use SPADMIN, which is not in LDAP, it's a local account (identity), then "Internal IdentityIQ Authentication" is not working for SPADMIN.
How to make this "Internal IdentityIQ Authentication" method work along with the SAML-based SSO setup?
IdentityIQ attempts to authenticate users by all enabled methods before reporting login failure to the user. The methods are executed in this order (skipping any disabled methods):