0
edits
Changes
no edit summary
* By default, SSO acts as an additional method of authentication. If you wish to enforce the use of SSO, and restrict the regular username and password authentication, you can do so with the Global Settings -> Integration -> Enforce SSO setting which allows you to restrict a set of user roles to only be able to login through SSO.
* Bypass Two Factor Authentication - if the user has a role that has [[Two-Factor Authentication]] enabled, this setting will control whether or not the user will have to provide their Time Based One Time Password (Two-Factor) when accessing the system via SSO, or if SSO will bypass the Two-Factor requirement.
* * ''This feature can, for example, be used to allow users to access SmartSimple using SSO when they are within your office network, but also access SmartSimple from other locations using their username & password with the additional security provided by two-factor authentication.''
===Identity Provider Configuration - Client-Side System===
<!--
==Cipher encrypted reference==
<span class="mceNonEditable template" id="bs_template:@@@TPL0@@@" data-bs-name="Template:Deprecated-sm" data-bs-type="template" data-bs-id="0"><span class="mceNonEditable template" id="bs_template:@@@TPL0@@@" data-bs-name=" Template:Deprecated-sm" data-bs-type="template" data-bs-id="0"><span class="mceNonEditable template" id="bs_template:@@@TPL0@@@" data-bs-name=" Template:Deprecated-sm" data-bs-type="template" data-bs-id="0">{{ Template:Deprecated-sm }}</span></span></span>
The SmartSimple cipher-encrypted reference SSO is accessed by passing parameters in the URL, including an encrypted token, for authentication.