- Activate Mutli-SSO plugin (com.snc.integration.sso.multi.installer)
- Enable this property (admin role required) glide.sso.acr.enabled
- Administrator must set a password for local login and register MFA before enrolling as an ACR user (click on related link on user profile enable account recovery)
- Enable glide.authenticate.multisso.enabled
- Try to login with login.do in the instance as a acr user you should be able to login (6 digit mfa code should be asked) as a sso recovery user.
Before enabling glide.sso.acr.enabled property
(Enable account recovery is not seen) as shown below:
after enabling glide.sso.acr.enabled property
(Enable account recovery is seen) as shown below :
(Admin has to set local pwd for login & should be able to login with the same password from Login.do url)
Findings
When user is not an acr user and trying to login with login.do (uid and pwd) He will not be able to login.
If the account recovery is enabled, then all the local logins will be disabled except for the ACR users.
When you try to hit the login with username and passwords, you get username / password invalid error.
If you want to use any local logins, then without enabling the account recovery, you can use both SSO and local login methods.
Account Recovery is an option to choose if the organization imposes only SSO login mechanism.
Also, if you use integration users with local authentication, then you should switch to Oauth 2.0 mechanism if you use Account recovery.