SSO Checklist or Best Practices

Which IIQ version are you inquiring about?

IIQ 8.3 P1

We are planning to enable SAML based SSO. We have gone through the ‘IdentityIQ_System_Configuration’ document, but didn’t find any checklist or best practices around enabling SSO.

Question:

May I know the checklist or best practices we have to follow when we enable SAML based SSO, to have SSO login working without any issues?

Hi @rsingh7 ,

Did you check this document? IdentityIQ SAML support guide - Compass

Thanks


Thanks @Sriindugula for your reply, I will go through the shared Compass article.

Hi @rsingh7

If the above article is useful and you found what is required, please mark this thread as resolved.

Thanks,
Sri

I have gone through the below URL.

We have SAML based SSO set up, but when I am trying to use SPADMIN, which is not in LDAP but is a local account (identity), ‘Internal IdentityIQ Authentication’ is not working for SPADMIN.

How do I make this ‘Internal IdentityIQ Authentication’ method work along with the SAML based SSO setup?

https://community.sailpoint.com/t5/Technical-White-Papers/IdentityIQ-Login-Configuration/ta-p/76904#toc-hId-819526555

IdentityIQ attempts to authenticate users by all enabled methods before reporting login failure to the user. The methods are executed in this order (skipping any disabled methods):

  1. Single Sign On (Rule-based or SAML)
  2. Pass-Through Authentication
  3. Internal IdentityIQ Authentication

@rsingh7

Authentication Method Processing Order

IdentityIQ attempts to authenticate users by all enabled methods before reporting login failure to the user. The methods are executed in this order (skipping any disabled methods):

  1. Single Sign On (Rule-based or SAML)
  2. Pass-Through Authentication
  3. Internal IdentityIQ Authentication

Multiple authentication methods can be used together in a “failover” configuration mode.

Where do we do the failover configuration?

We don’t have a DR setup.

A failover configuration for authentication doesn’t exist, but @pravin_ranjan means that you can activate more than one configuration and use them for distinct services, or if one fails another works.

How do we set up the order so that if one fails another works?

The SSO login page presents its own login interface.

Expected order: if SSO doesn’t authenticate, then it should redirect to pass-through authentication, and if pass-through doesn’t work, then local credentials should work.

How do we make the ‘expected order’ work?

@rsingh7 please check this document.

Pass-through authentication and single sign-on - Compass (sailpoint.com)

@rsingh7 I don’t see any document that says anything about the order, but my understanding is:

  1. Internal IdentityIQ authentication (default)
  2. Pass-Through Authentication (PTA) Configuration
  3. Single Sign-On (SSO) Configuration

Try to change your identity password by selecting the identity from the Identity Warehouse and changing the password. Now try with the user’s username and change the password. If it allows it, then SailPoint first chooses the default one, then the others.

But I will look in more detail to see whether the order is mentioned somewhere.

Thanks,
