What happens when an individual uses Single sign-on?
If Single sign-on has been enabled, the Log in page will have a single select drop-down field called Single sign-on.
All enabled Single sign-on configurations will be listed.
The Email and Password fields are always shown on the Log in page, as some users may not be set up with Single sign-on.
When a user selects Single sign-on
If the user is logged into the Single sign-on provider and they:
- have an active user account in Autologyx which matches their email address, they will be taken straight to the landing page
- have a non-active account in Autologyx which matches their email address, the account status will change to active and an activation date is set to the first SSO login date, and the user will be taken to the landing page
- do not have an account in Autologyx, they will see an Access denied error message
NB: see below for system behaviour when Automatically create user is enabled in the Single sign-on configuration
If the user is not logged into the Single sign-on provider, they will be redirected to the provider's login page. After successful authentication in the provider service, the user should be logged (or not) into Autologyx according to the scenarios described above.
Automatically create user
Note that Rachel Chambers does not have a user account in this system.
If the Automatically create user feature is enabled in the Single sign-on configuration and a user who does not have an account in your Autologyx system is logged into the Single sign-on provider, a new account will be created for them when they use this log in method.
The user account fields will be populated as follows:
- Email: from email address stored with Single sign-on provider
- Account type: Standard. Users created via this method will always be given a Standard Account type.
- First name: from SSO API user information
- Last name: from SSO API user information
- Account status: Active
- Roles: these are configured in the Single sign-on settings in the field Roles to assign to created user. You will note that a maximum of 10 roles can be assigned.
Following successful log in, the user will have access to the parts of the system determined by the role or roles they have been allocated.
Having logged in to Azure and selected this provider in the Single sign-on option of the log in page, Rachel Chambers has been created as a user with a Standard Account type and been assigned the role specified in the Single sign-on configuration.
