SSO Configuration

IdentityIQ supports two options for single sign-on (SSO) configuration: rule-based and SAML. SSO streamlines the login process for users even further than pass-through authentication: once users have completed the initial sign-on to the authenticating application, they can bypass signing in to each system.

SSO Configuration has the following options:

  • Enable Rule-Based Single Sign-On (SSO) – uses rules for Single Sign-On and Validation

  • Enable SAML Based Single Sign-On (SSO) – uses Security Assertion Markup Language (SAML) as an authentication protocol

Note: To access the IdentityIQ Login page directly when Single Sign-On is configured, use a supported browser and enter http://<iiq server>/spt/login.jsf?prompt=true.

IdentityIQ supports specifying both types of SSO in the same installation's login configuration. The order in which they are consulted during user authentication is determined as follows:

  • If an ssoAuthenticators attribute is specified in the SystemConfiguration object, it lists the configured SSO options as a comma-separated (CSV) list, and the options are checked in the order in which they are listed

  • If that attribute is not present, SAML SSO is used first and then rule-based SSO