The CreatorCon Call for Content is officially open! Get started here.

When SSO logged in, how to skip the local login authentication?

menghui
Tera Expert

‎11-26-2023 05:08 PM

Hello everyone,

 

We will have multiple SSO certifications in the future.

Is there a way to redirect users to their respective SSO authentication addresses and bypass Portal local login when SSO is already logged in?

 

This seems related to the login widget of the portal. Look at the picture. Can we get the SSO login information in the browser?

 

Best Regards

Preview file
215 KB
0 Helpfuls
  • 1,740 Views
3 REPLIES 3

AnveshKumar M
Tera Sage
Tera Sage

‎11-26-2023 06:35 PM

Hi @menghui 

1. You can not dynamically direct an user to their respective SSO Identity Provider. The possible options are,

 

Option 1: You can populate user SSO Source field in sys_user record with sys_id of their respective Identity Provider. Do not configure any Auto Redirect IDP, but multiple IDP can be active and any one of them can be Default. This way, when the users enters their email ID in the Login with SSO page, it will find the SSO from which the user should be authenticated based on the SSO Source stored in their user record, if there is no SSO Source for that user he will be taken to default SSO IDP.

 

Option 2: Create a portal page and have links to your different SSO Identity providers then set it as default login page. User has to click on the respective link to login. 

 

2. Coming to your second question, If the SSO is properly configured and the user is already logged in to ServiceNow, he will not be taken to login page he will be taken to the respective landing page directly. If the user is not logged in and you have enabled Auto Redirect IDP for any one of the IDP, the user will be directly taken to that IDP SSO page.

 

 

Please mark my answer helpful and accept as a solution if it helped 👍

Thanks,
Anvesh
0 Helpfuls

menghui
Tera Expert

‎11-26-2023 09:15 PM

Hi, @AnveshKumar M 

Thanks for you reply. Apologies for not being clear about the description of my problem。

It is not logged in servicenow.
For example.
I set up IBM's SSO authentication for ServiceNow。
When i logged in IBM website with sso. I would like to access the knowledge of the ServiceNow Portal directly via link like 「https://instancename.service-now.com/sp?id=kb_article&sysparm_article=KB00xxxxx  」


When I have logged in with SSO, I think I need not to login when I enter ServiceNow portal but the local login page still appears. When i set the default idp , the local login page will not appear but the other people will all be redirected to the default idp(The login widget's client script). 

So I'm wondering if there's a way to get users with different SSOs to be redirected to the corresponding SSOs so that local logins can be bypassed

Best Regards

0 Helpfuls

AnveshKumar M
Tera Sage
Tera Sage
In response to menghui

‎11-26-2023 09:54 PM

@menghui 

Unfortunately in ServiceNow we can route the user directly via their respective SSO. It will always consider the Default IDP as SSO.

 

For all other non default IDPs you have to explicitly route them.

 

This dynamic approach we tried implementing some time back with no luck.

Thanks,
Anvesh
0 Helpfuls