Hi,
If we use the LDAP integration with our Active Directory that internal users are using to log in to the network, does that mean we get single sign-on automatically, meaning that if the user is logged into our network and clicks on a task link or site, they will not be presented with the Appian login box?
If not, then what else needs to be done to get SSO? Also, can they log out and get the login box if they need to log in as someone else (i.e., an admin assistant logging in for the CEO)?
Thanks,
Gary
Hi Gary,
With LDAP integration, you will not get single sign-on automatically. Only Active Directory credentials will work to log in to Appian through the Appian login box. For single sign-on, there is a separate configuration in the admin console, the SAML configuration. For more details related to SAML configuration, please refer to the link SAML Single SignOn. Hope this helps.
Thank you.
As per my understanding, once you configure SSO on a site, it will always try to log in via SSO. I am using Ping Federate IdP in my case; not sure about Okta configurations. As a workaround, you can use https://<site_url>/suite/portal/login.jsp to log in with an Appian user (some other user), provided the user is not part of the Appian SSO Group.
Mangesh Vidhale, how did you integrate Ping Federate with Appian? Was this on Appian Cloud or on-premise? We will be using Appian Cloud and there is a VPN connection, but direct access to LDAP from the cloud is not permitted, so we are trying to use Ping with just-in-time provisioning. We don't want Ping to create a user if the user does not exist in Appian, but to leverage LDAP DN, OU, etc. to authenticate the user and move/delete/add users to groups based on the user's LDAP settings. Is this possible using Ping Federate?