SAML authentication

RE: SAML authentication

Mike Schmitt — Thu, 08 Apr 2021 15:19:39 GMT

SAML users can not log in with username/password, even with a current/valid temp or permanent password. You will need to instruct such users to ignore that temporary password email, and potentially take steps to avoid it being sent, like via using the "add user with i19n" smart service found in the Personalization Utilities plug-in.

RE: SAML authentication

saik0006 — Thu, 08 Apr 2021 14:52:55 GMT

Hi Mike,

Thanks for your replay,

Let me be more clear for you.

we are using SAML authentication for user login. After creating user /resetting password user gets an email with temporary password once user logged in with temporary password it gets mapped with SAML, but while try to login with temporary password it's showing an error (The username/password entered is invalid. usernames and passwords are case sensitive). From past 1 week we are facing this issue.

RE: SAML authentication

Mike Schmitt — Thu, 08 Apr 2021 14:18:49 GMT

Can you expand on what you mean by "SAML authentication for first login"? Usuaully when you bother to set up SAML that means your users (or some subset of them) will always be logging in using SAML. It sounds like you're saying someone will log in (successfully?) using SAML then do something to create themselves a second, non-SAML Appian username -- if so, I'm confused why.

In any case, you'll need to make sure any user accounts that you want to use username/password login for are not in the "SAML users" group (whichever group you have defined in your SAML configuration), because if a basic-auth user is in that group, they will be unable to log in at all. This is just the first thing i can think of and there could be a few other potential causes, but any clarification you can provide would be helpful.