Logout Issues with SSO Configuration in IdentityNow

Identity Security Cloud (ISC) ISC Discussion and Questions
1

Hello everyone,

We are currently configuring SSO with Entra ID for IdentityNow, and while the login process works correctly, we are experiencing an issue during the logout phase. After logging out, users are automatically logged back in, which poses a security concern.

We have followed the setup guide from Microsoft: Tutorial: Microsoft Entra SSO integration with SailPoint Identity Security Cloud - Microsoft Entra ID | Microsoft Learn. However, I’ve noticed that when logging out, the browser displays the Login URL.

Has anyone encountered this issue before? Any suggestions on how to properly resolve the logout functionality? Your help would be greatly appreciated!

Thank you!

2

@AntonioGvtt Have you configured the Logout URL under Service Provider? navigate to (Global → Security Settings → Service Provider)

Configure

https://<Org Name>.login.sailpoint.com/signout
3

Hello @shekhardas1825 , thank you for responding. Yes, we have tried entering the logout URL that appears in the documentation: “In the Logout URL field, enter the value https://.login.sailpoint.com/signout”, but in that case, it automatically reconnects. We have also tried using the URL indicated in the “Set up SailPoint Identity Security Cloud” section in Microsoft Entra SSO, but it shows the following error:
“Sorry, but we’re having trouble signing you in.
AADSTS750054: SAMLRequest or SAMLResponse must be present as query string parameters in HTTP request for SAML Redirect binding.”

4

Hi @AntonioGvtt,

Try clearing your browser’s cache or try the process in incognito mode.

Thanks!

5

Hello @varshini303 , thank you for responding.

We have tried both cases, but the problem persists.

Thanks!

6

@AntonioGvtt

Keep the ‘Logout URL’ field under ‘Identity Provider Setting’ as blank and retest your scenario once.

Thanks

7

From documentation…in case you were expecting it:

image
image774×116 2.46 KB

Also notice the rather specific wording of “after”:

image
image725×45 2.47 KB

i.e. It’s out a logout URL…but rather…post-logout URL.

Putting the two together, there’s no SLO, and you would only get a redirection. Nothing was cleared on logout.

8

Hello @Anshu_Kunal , thank you for responding.

We have tried with the parameter as blank, but the problem persists.

Thanks!

9

Hi @RandomUser4096 thanks for your advice!

Oh, I understand now. In that case, I need to be redirected to the login page, but understand that I’ve already logged in previously, so instead of logging me out, it should log me back in if I enter the URL https://****.identitynow.com/login.

10

Found this article on Sailpoint community site

image
image972×527 27.1 KB

Hope this help.

Thanks

11

@AntonioGvtt you can try this URL on the Logout URL : “Sign in to your account” , it simply redirects the user to the office apps page.

12

Hello everyone,

The issue was resolved by using the following link: Sign out

The difference between this URL and the one mentioned earlier in the comments is the ‘w’ in wsignout1.

Regards,
Antonio

13

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.