"Login with SSO" -link on Login Page with IdP-initiated SSO

jnte3355 · 4 weeks ago

Hello,

How could I get rid of the link on Login page "Login with SSO" (Polaris) or "External Login" (UI16)?

We are using both SSO and local login, however the SSO is always IdP-initiated, so this link (and the User name dialog that it leads to) don't make sense and only confuses users.

Thanks,

Johan

Marcos Kassak · 3 weeks ago

@jnte3355,

For further clarification, you want users to authenticate automatically and get redirected to either Portal (if user does not have roles) or Fulfiller view (if they have roles). Is that the case?

jnte3355 · 3 weeks ago

@Marcos Kassak : First, thank you for your interest in the issue!

First one correction. I called it "IdP-initiated SSO" and this is not the case - the ServiceNow instance (Service Provider) is initiating the actual SSO handshake.

The normal flow is that a "SSO user" is first logging in through a Central portal (non ServiceNow) and a central IdP. When the user connects to the ServiceNow instance the SSO is (automatically) initiated - against the central IdP - and user is automatically logged in. This works as intended.

Then there is a smaller group of users that have direct login access. They have to use a specific URL leading to login.do. For these, the link "Login with SSO" makes no sense, and there is no real use case for any of the two groups of users to first open the login page, then (manually) initiate SSO.

So it is not about SP or Fulfiller (backend) view, but rather there are two different login flows - direct and SSO. Of course there are minor variants of the flows depending on user's exact actions, however none of these makes the "Login with SSO" -link relevant.