>

AD User Signed in via SSO

Answered

Comments

8 comments

Date Votes
  • Mike Johnson

    Seth Halvaksz - Can you get this routed to the correct person?  Might need to do some research on if there are real world reasons to allow this.

  • Seth Halvaksz

    Mike S - SSO can use Active Directory as the identity provider. What you described above is expected behavior.  I'm not sure i understand the question.

  • Mike Schepker

    In this case they are two different providers. One is their IDP that is SSO. The other is Momentus Active Directory, which is what this user is set up to use. If the user that is set up to use Momentus Active Directory clicks on the SSO link that takes the user to their organization's IDP and signs in, it logs them into Momentus. They never authenticated against Momentus Active Directory despite that being the authentication set up on the user. 

  • Seth Halvaksz

    Mike, i looked into this.  You need to verify the setting on the web configuration utility.  If its set to “Defined Per User” then it uses the user's auth setting. Otherwise it doesn't.

    Here's the relevant article.  It could be clearer to say that the other authentication types will ignore the individual user authentication setting.

    https://supportcenter.ungerboeck.com/hc/en-us/articles/360011192594-Authentication-Types
     

    Screenshot:

     

  • Seth Halvaksz

    Tagging @...  for review/update of the KB articles to make sure this is clear (and/or may need to link to the web configuration article on the main SSO page)

  • Mike Schepker

    Hi Seth,

    I mentioned in the initial post that they are set to Defined Per User already, which is how some users are able to login with SSO and some are able to log in with Momentus AD, which is working fine. The ‘problem’ here is a user set up to use Momentus AD was able to log into Momentus using SSO. So we are authenticating the user using SSO when they aren't set up to use SSO for authentication. 

    Thanks,

    Mike

  • Seth Halvaksz

    Got it. Clarified these additional details:

    • The Auth Configuration on a user has no effect if using a SSO IDP
    • It is only looked at if the user is using the Momentus Sign-in interface
    • The log entry is using SAML, which means they used their SSO IDP

     This doesn't appear to be reflected in documentation, so will ask Linda to update.

  • Mike Schepker

    Hi Seth,

    Perfect, that's what I needed to know. Thank you!

Please sign in to leave a comment.