- Activate Mutli-SSO plugin (com.snc.integration.sso.multi.installer)
- Enable this property (admin role required) glide.sso.acr.enabled
- Administrator must set a password for local login and register MFA before enrolling as an ACR user (click on related link on user profile enable account recovery)
- Enable glide.authenticate.multisso.enabled
- Try to login with login.do in the instance as a acr user you should be able to login (6 digit mfa code should be asked) as a sso recovery user.
Before enabling glide.sso.acr.enabled property (Enable account recovery is not seen) as shown below:
after enabling glide.sso.acr.enabled property (Enable account recovery is seen) as shown below :
(Admin has to set local pwd for login & should be able to login with the same password from Login.do url)
Findings
- When user is not an acr user and trying to login with login.do (uid and pwd) He will not be able to login.
- If the account recovery is enabled, then all the local logins will be disabled except for the ACR users.
- When you try to hit the login with username and passwords, you get username / password invalid error.
- If you want to use any local logins, then without enabling the account recovery, you can use both SSO and local login methods.
- Account Recovery is an option to choose if the organization imposes only SSO login mechanism.
- Also, if you use integration users with local authentication, then you should switch to Oauth 2.0 mechanism if you use Account recovery.
Related Posts
Library
