Path: Community Settings >> Security >> Single Signon Settings
Mixed Authentication:
This feature allows you to set-up your community with mixed authentication i.e user can either login using Single Sign-On (depending on user added to the active directory) or IdeaScale login.
1. Enabling IdeaScale Email/Password login option
Once you have setup your SSO SAML 2.0 / 3.0 in your community, under 'General Settings' you can enable 'Ideascale Email/Password Login' option and select all members or respective group from 'Members Allowed For Ideascale Email/Password Login' dropdown. This will allow either all members or selected members linked to a specific group to login via SSO as well as login with IdeaScale (SSO being the default login type).
You can also specify the groups you do not want to allow access using IdeaScale Email/Password option using 'Groups Not Allowed For IdeaScale Email/Password Login' option.
Click on the 'Add Groups' button to open up the pop-up box where you can search for the required group.
Selecting and assigning the group will show a success message. The group name with an option to 'Unassign' will be visible under the section now.
2. Community Sign up
By default, the system does not allow new users to register to the SSO community. Though you can turn ON 'Enable Community Sign up' option to allow new users to register to the community and login via IdeaScale login/password.
Users will see the option to 'Sign Up' when they click on 'Log in With IdeaScale'
Click on 'Sign Up' link to go to the registration page. See our help article https://help.ideascale.com/knowledge/registration-process-for-a-standard-user for details on how to complete the registration process.
User Experience with mixed SSO:
User will see both Log in With SSO Account as well as Log in With IdeaScale button.
If you click on Log in With SSO account button, you will be taken to the SSO login page. You can use the SSO credentials to login to your community.
If you click on Log in With IdeaScale button you will be taken to the standard IdeaScale login page. You can use your IdeaScale login credentials to login to your community.
Multiple Provider Single Sign-On:
IdeaScale supports Multiple Provider SSO along with the Single Sign-On for the community. Each community will have the settings to enable/disable the Multiple Provider SSO and have multiple IDP configuration. IDP configuration can be added/ edited/deleted from community settings by the administrator.
How It works:
If the Multiple Provider SSO is enabled, the community login page will have a list showing us a list of enabled IDP configured. Users can select the desired method to login to the community.
When a community is set up with Multiple Provider SSO the user will get a screen like the above image. You simply need to select the appropriate SSO and login.
In case the email address is not passed along, users will be asked to provide it upon their first login. Though they have the option to not opt out for it by clicking on Skip.
If the email address already exist in the community, user will be asked to claim it.
To learn more about SAML and setup, go through the below help articles:
https://help.ideascale.com/knowledge/saml-single-sign-on-at-ideascale
https://help.ideascale.com/knowledge/saml-sso-with-active-directory-and-adfs-2.0-/-3.0