Help with SSO
Comments
-
I am looking for support regarding SSO and Azure AD.
It has been configured by following guides:
[url=https://documentation.decisions.com/docs/setting-up-sso-for-azure-ad]https://documentation.decisions.com/docs/setting-up-sso-for-azure-ad[/url]
[url=https://documentation.decisions.com/docs/single-sign-saml]https://documentation.decisions.com/docs/single-sign-saml[/url]

After completing the login I get the error that the user is not configured for SAML use. When I check the user, the user identifier is set to the user's email and I can see that this is coming back in the SAML response, but still it says the user is not configured for SAML. Any help is much appreciated.
Also when enablesinglesignon is enabled in settings.xml, I can still log in with a local account.
-
It would appear that the accounts that the portal is reporting as not configured for SAML are accounts that were created within Decisions. Decisions accounts have an authentication_type field that is set to Password when they are created locally. There are at least two approaches to fixing the "X account is not configured for SAML" issue:
1. Delete the accounts and have the users sign in via SSO - the accounts will automatically be created on their first sign-in
2. Convert the existing accounts from native Decisions accounts to SAML accounts by running the following queries from SSMS or the built-in [url=https://documentation.decisions.com/docs/query-editor]Query Editor[/url]:
[ul]
[li]update entity_account set authentication_type = '[SAML/OpenID/Okta]' where account_id not like '%ACCOUNT'[/li]
[li]update entity_account set identity_provider_id = '[insert provider ID here]' where account_id not like '%ACCOUNT'[/li]
[/ul]

[b][i][u]USAGE[/u][/i][/b]

For the first query - replace [SAML/OpenID/Okta] with whichever of the three options corresponds to the type of SSO used.
For the second query - you will need an account already created through SSO. If you do not have this yet, instruct a user to log in to Decisions using SSO. They only need to log in. Get the value from the 'identity_provider_id' for the already existing account. This will be a GUID or string of numbers, letters, and dashes. That GUID goes in the second query as the value.

[i]Note: SQL queries executed against a Decisions database or changes to settings.xml will not be reflected in Decisions itself until Service Host Manager has been restarted from System > Restart Instance or by opening Services in Windows and restarting the service manually.[/i]
[i]edited by james.hartzell@decisions.com on 7/17/2020[/i]
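
The conversion described in the reply above, written as one guarded T-SQL batch. This is an added example, not part of the original post and not a Decisions-supplied script. It assumes SAML is the SSO type in use, that accounts created through SSO carry authentication_type = 'SAML', and that identity_provider_id accepts a string value; the extra authentication_type = 'Password' filter is an added narrowing so that only locally created accounts are touched.

```sql
-- Added example (T-SQL). Table and column names are the ones used in the post above.

-- 1. Read the provider ID from an account that was already created through SSO.
SELECT account_id, authentication_type, identity_provider_id
FROM entity_account
WHERE authentication_type = 'SAML';   -- assumption: SAML is the SSO type in use

-- 2. Preview exactly which rows the conversion would touch, and note the count.
SELECT account_id, authentication_type, identity_provider_id
FROM entity_account
WHERE authentication_type = 'Password'
  AND account_id NOT LIKE '%ACCOUNT';

-- 3. Convert inside a transaction and keep the change only if the number of
--    rows updated matches the count reviewed in step 2.
DECLARE @provider_id NVARCHAR(100) = '<identity_provider_id from step 1>'; -- placeholder
DECLARE @expected INT = 0;   -- set to the row count seen in step 2
DECLARE @changed INT;

BEGIN TRANSACTION;

UPDATE entity_account
SET authentication_type  = 'SAML',
    identity_provider_id = @provider_id
WHERE authentication_type = 'Password'
  AND account_id NOT LIKE '%ACCOUNT';

SET @changed = @@ROWCOUNT;

IF @changed = @expected
    COMMIT TRANSACTION;
ELSE
BEGIN
    -- Unexpected scope: undo the update and report what was seen.
    ROLLBACK TRANSACTION;
    PRINT CONCAT('Rolled back: ', @changed, ' rows matched, expected ', @expected);
END
```

As the note in the reply says, the change is not picked up until Service Host Manager has been restarted.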