SAML claim authorisation per forum
Hi guys,
Again, love the product and continue to be impressed by the great service.
I believe a useful case for Single Sign On is to allow authorisation to Forums and Knowledge bases based on a claim coming from a Single Sign On authentication.
The prime use case I can think of for that is this scenario:
* We use an Internet Single Sign On source for our company logins to all systems.
* We are also building a Business to Consumer Directory for our consumers to allow them access to multiple systems, including UserEcho.
As we can only federate to one IdP in UserEcho (and most SaaS applications), it would be useful for us to stand up an STS that allows us to direct a user to either system, and provide single sign on for both our employees and our end users, and insert a claim based on which department or directory they come from.
In the configuration screen for privacy, there is the following option:
If this scenario was to be implemented, I believe there would be a sub-option under "Allow access to this forum for users who authorized with SSO" to add:
"Restrict SSO users to have the following claim"
This isn't urgent as there are workarounds - we can always maintain a list of authorised users and have the "Allow access to this forum for users who authorized with SSO" turned off. For a company our size, that is annoying, but is maintainable.
Keep up the good work!
Again, love the product and continue to be impressed by the great service.
I believe a useful case for Single Sign On is to allow authorisation to Forums and Knowledge bases based on a claim coming from a Single Sign On authentication.
The prime use case I can think of for that is this scenario:
* We use an Internet Single Sign On source for our company logins to all systems.
* We are also building a Business to Consumer Directory for our consumers to allow them access to multiple systems, including UserEcho.
As we can only federate to one IdP in UserEcho (and most SaaS applications), it would be useful for us to stand up an STS that allows us to direct a user to either system, and provide single sign on for both our employees and our end users, and insert a claim based on which department or directory they come from.
In the configuration screen for privacy, there is the following option:
If this scenario was to be implemented, I believe there would be a sub-option under "Allow access to this forum for users who authorized with SSO" to add:
"Restrict SSO users to have the following claim"
This isn't urgent as there are workarounds - we can always maintain a list of authorised users and have the "Allow access to this forum for users who authorized with SSO" turned off. For a company our size, that is annoying, but is maintainable.
Keep up the good work!