We are using a custom SSO sign on in our production environment. Because of this, we do not show the Terms of Service for the user to accept. Is there a way to show the Terms of Service, have the user accept, then do the SSO login?
Discussion posts and replies are publicly visible
If users are directed to the IDP initially, the ideal configuration would be to have the terms of service at the IDP.
The terms of service configuration as defined in the Admin Consule is specific to the Appian sign-in page. You could configure your SAML settings for the Default Sign-In Page to be the Appian sign-in page and then add a Sign-In Page Link that points to the URL to direct users to the IDP. If all of your users are utilizing SSO that isn't a great user experience. It could also be circumvented if someone went directly to the IPD URL.
Why not have a consolidated user experience where Appian shows the TOS for using Appian regardless of the authentication mechanism? IDP isn't what the user is agreeing to use.
In other words, user experience is:
Your user experience description is how Appian functions for the internal Appian and LDAP authentication mechanisms, but it can't be configured that way for SAML. If you have multiple authentication mechanisms configured it could get even more complex as the system wouldn't know how to forward someone when there is no way to tell how they should be authenticated.
Setting up a link to the IDP on your sign-in page would get you close, but would require an additional click by the user. If you haven't already, you should enter a support case with the details of your authentication setup so an enhancement ticket can be logged and the Appian engineering team is aware of the use case for potential product enhancements in the future.