Managing SSO with Mixed Authentication / Multiple Provider Single Sign-On
Path: Manage Workspace >> Security >> Single Signon Settings
Mixed Authentication:
This feature lets you set up your community with mixed authentication, i.e. users can log in either with Single Sign-On (depending on whether the user has been added to the Active Directory) or with an IdeaScale login.
1. Enabling IdeaScale Email/Password login option
Once you have set up your SSO SAML 2.0 / 3.0 in your community, you can enable the 'Ideascale Email/Password Login' option under 'General Settings' and select all members or a specific group from the 'Members Allowed For Ideascale Email/Password Login' dropdown. This allows either all members, or only the members linked to the selected group, to log in via SSO as well as with an IdeaScale login (SSO being the default login type).
You can also specify groups that should not be allowed to log in with the IdeaScale Email/Password option, using the 'Groups Not Allowed For IdeaScale Email/Password Login' option.
Click in the field and add groups from the names shown in the dropdown list.
2. Workspace Registration
By default, the system does not allow new users to register in the SSO workspace. However, you can turn ON the 'Enable Workspace Registration' option to allow new users to register in the workspace and log in via IdeaScale login/password.
Users will see the 'Sign Up' option when they click on 'Log in With IdeaScale'.
Click on the 'Sign Up' link to go to the registration page. See our help article https://help.ideascale.com/registration-process for details on how to complete the registration process.
User Experience with mixed SSO:
Users will see both the 'Log in With SSO Account' button and the 'Log in With IdeaScale' button.
If you click on the 'Log in With SSO Account' button, you will be taken to the SSO login page. You can use your SSO credentials to log in to your community.
If you click on the 'Log in With IdeaScale' button, you will be taken to the standard IdeaScale login page. You can use your IdeaScale login credentials to log in to your community.
Multiple Provider Single Sign-On:
IdeaScale supports Multiple Provider SSO along with Single Sign-On for the community. Each community has settings to enable/disable Multiple Provider SSO and can have multiple IDP configurations. IDP configurations can be added, edited, or deleted from the community settings by the administrator.
How It Works:
If Multiple Provider SSO is enabled, the community login page will show a list of the enabled IDPs that have been configured. Users can select the desired method to log in to the community.
When a community is set up with Multiple Provider SSO, the user will see this provider selection screen. Simply select the appropriate SSO and log in.
If the email address is not passed along, users will be asked to provide it upon their first login, though they can opt out by clicking Skip.
If the email address already exists in the community, the user will be asked to claim it.
To learn more about SAML and its setup, see the help articles below:
https://help.ideascale.com/knowledge/saml-single-sign-on-at-ideascale
https://help.ideascale.com/knowledge/saml-sso-with-active-directory-and-adfs-2.0-/-3.0