Removing Local Login - SSO Only

Community Alums
Not applicable

Good Morning,

Due to now having multiple IDPs available for sign in, we need to remove our auto redirect IDP.

We had gone to auto redirect due to people getting confused about local/external login.

I found documentation on disabling the local login for login.do, which forces people to login_locate_sso.do, but before testing the implementation I wanted to see if anyone was able to verify that this did not also affect side_door.do.

Thank you

1 ACCEPTED SOLUTION

Jaspal Singh
Mega Patron

Hi Simon,

Not completely sure, but we had disabled login.do for some business demands and side_door.do was still accessible. It should be similar for you as well.

I don't have any documentation for the above to reference or check, but it is actual tested behavior.

4 REPLIES

Community Alums
Not applicable

So I found a way around this, as even working with SN we couldn't disable local logon...

I made a new portal called logon, then followed this HI portal KB:

https://hi.service-now.com/kb_view.do?sysparm_article=KB0758382

but modified it to point at the logon portal, which has just a logon page with a modified login widget that only shows the external SSO option.

So now when you hit the instance URL it loads that portal, you input your user ID, and it redirects you to the correct SSO.

Matthew G
ServiceNow Employee

Setting the property `glide.authentication.external.disable_local_login` to `true` will disable local login. Also consider modifying your installation exit if you want to take, say, a white-list approach for local login.

Thank you for this helpful tip. Is it understood that, with this sys_prop set to TRUE, any and all attempts to authenticate with a single-auth/local-login portal will always be forced through the SSO flow?

Thanks!

~ "Breynia Disticha"