Single Sign On with LDAP integration

RE: Single Sign On with LDAP integration

Ankur V — Mon, 01 Apr 2019 17:52:27 GMT

Mangesh Vidhale how did you integrate Ping Federate with Appian? Was this on Appian Cloud or for On-premise? We will be using Appian cloud and there is a VPN connection but direct access to LDAP from cloud is not permitted so we will are trying to use Ping with Just in time provisioning. We dont want ping to create user if the user does not exist in Appian but leverage LDAP DN, OU etc to authenticate user and move/ delete/ add users to groups based on the users LDAP settings. Is this possible using Ping Federate?

RE: Single Sign On with LDAP integration

Mangesh Vidhale — Mon, 27 Nov 2017 15:23:52 GMT

Hi Will,

That's correct. If the user is part of SAML authentication group then he will not able to login via Appian's native login screen.
Users that do not get authenticated via SAML can login using the URL "mysite.example.com/.../login.jsp".

Thank you.

RE: Single Sign On with LDAP integration

Will Teoh — Mon, 27 Nov 2017 00:04:52 GMT

Hi Mangesh, so do you mean that if the user is SAML Authenticated User, he will not be able to sign in via the Appian native login screen? So in other words, for garym's case, the Admin Assist. will not be able to sign in as CEO on the Admin Assist. PC if the CEO is in the SAML Authentication Users group. Am I right?

RE: Single Sign On with LDAP integration

Mangesh Vidhale — Mon, 06 Nov 2017 18:59:36 GMT

No, not through Sign Out link. I open another window and go to https://<site_url>/suite/portal/login.jsp to log in with another user (Appian user). Only non-ldap user will be able to login.

RE: Single Sign On with LDAP integration

garym — Mon, 06 Nov 2017 18:44:35 GMT

Mangesh - In your configuration, do you need to click the Log Out button before going to the https://<site_url>/suite/portal/login.jsp site or can you open another window and go to https://<site_url>/suite/portal/login.jsp to log in with another user?

RE: Single Sign On with LDAP integration

Mangesh Vidhale — Mon, 06 Nov 2017 18:41:31 GMT

As per my understanding once you configure SSO on site, it will always try to login as SSO. I am using Ping Federate IDP in my case not sure about OKTA configurations. As a workaround you can use https://<site_url>/suite/portal/login.jsp to login with Appian user (some other user) provided the user should not be part of Appian SSO Group.

RE: Single Sign On with LDAP integration

garym — Mon, 06 Nov 2017 17:42:49 GMT

Thanks Mangesh. OK, we are implementing Okta and will integrate with our Active directory. When that is all configured, can a user log out and get the login box if they need to login with a different account or will it always try to log in as SSO?

RE: Single Sign On with LDAP integration

Mangesh Vidhale — Mon, 06 Nov 2017 14:53:05 GMT

Hi Gary,

With LDAP integration, you will not get single signon automatically. Only active directory credentials will work to login to Appian through Appian login box. For single signon configuration there is separate configuration in admin console as SAML configuration. For more details related to SAML configuration please refer link SAML Single SignOn. Hope this helps.

Thank you.