Split SSO users and non-SSO users?

Uncle Rob · ‎01-17-2018

I have a collection of external users that use the instance in a consuming capacity. They go to the catalog and report issues.
These users are not part of the company's normal directory or IDM capability.
Now that Okta is being leveraged for authentication, I've got everything working fine... but still need a solution for these dozen or so users. I can't force these external users to use Okta.

Now... as I understand it, using Multi Provider SSO, the user is going to be redirected to the IDP's login.... so its not like I can detect who they are and just bypass the Okta log in.

Is there a clever way to set up so some users use SSO, and some don't?

dravvyramlochun · ‎01-17-2018

Hello Robert,

Have a look at Re: SSO for only some users

mukulgupta · ‎01-17-2018

Hi Robert,

You can try the following:

NOTE: Empty the value of glide.authenticate.sso.redirect.idp sys_property, if already exist. (DO NOT DELETE THE PROPERTY)

---- This will help the All the Users (Wheather SSO on non-SSO) to land on the ServiceNow local login page and not automatically get redirected to the IDP login page.

---- SSO users will need to click "Use external login" for to land on IDP login page and do SSO authentication, this will save the sys_id of the identity provider record in a cookie (glide_sso_id cookie) in their browser. Once they have successfully logged in for the FIRST time and from then on if the SSO users try to access the instance URL they will automatically start getting redirected to the IDP login page without clicking "Use External Login"

Best Regards,

Mukul Gupta