
Multiple Identity Providers including Saviynt local login as option

adriencosson
Regular Contributor III

We are willing to integrate multiple Identity Providers in lower environments, with the following scenario:

  • Standard Users, that will log in using their Azure AD account and will configure the solution -> Already configured
  • Demo Users, used for demonstrating POCs for further implementations, using Saviynt local database. -> To be configured in Multiple IDP settings

Questions:

  1. Is it achievable to set up Saviynt as an option for multiple IDPs? (My fear is that the redirect to /ECM/login/auth might call back to the dropdown for selecting which IDP we want to use)
  2. Could anyone who was able to insert Saviynt as one of the options inside multiple IDPs share a sample Authentication.groovy template?

Many thanks!

Regards,
Adrien COSSON

rushikeshvartak
All-Star
  1. You can have multiple service providers
  2. Refer to the links below
    // MULTIPLE IDP START
    grails.plugin.springsecurity.saml.metadata.providers = [  okta1:'security/idp.xml' , okta2: 'security/idp-new.xml' ]
    grails.plugin.springsecurity.saml.metadata.sp.file = [testone: 'security/sp.xml', testtwo: 'security/sp-1.xml']
    grails.plugin.springsecurity.saml.metadata.sp.defaults.alias =  'testone1'
    
    // Define all idps entity ID here
    ecm.login.options = [
       "okta1" : "http://www.okta.com/xxxx" ,
       "okta2" : "http://www.okta.com/xxxx"
    ]
    
    
    // Displays popup values for customer , left side is the one which gets displayed
    // in popup, right one is key to ecm.login.options defined above
    customer.domain.login.options = [
       "okta1.xxx.com" : "okta1",
       "okta2.xxx.com" : "okta2"
    ]
    
    // Displays popup values for saviynt team , left side is the one which gets displayed
    // in popup, right one is key to ecm.login.options defined above
    saviynt.domain.login.options = [
      "okta1.xxx.com" : "okta1" ,
      "okta2.xxx.com" : "okta2"
    ]

    // MULTIPLE IDP END

https://saviynt.freshdesk.com/support/solutions/articles/43000661162-saml-metadata-files#SAMLMetadat...

https://saviynt.freshdesk.com/support/solutions/articles/43000641546-configuring-saml-based-single-s...


 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
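
The comments in the fragment above say the right-hand value of each popup entry is a key of `ecm.login.options`. As an added example (not part of the original reply and not Saviynt's own code), this Python check lists popup entries that point at an undefined key. The sample config is constructed, "okta3" is a deliberate dangling reference, and the regex parsing assumes flat string-to-string map literals.

```python
import re

# Constructed sample in the shape of the fragment above; "okta3" is a
# deliberate dangling reference and the commented-out entry must be ignored.
SAMPLE = '''
ecm.login.options = [
   "okta1" : "http://www.okta.com/xxxx" ,
   "okta2" : "http://www.okta.com/xxxx"
]
customer.domain.login.options = [
   "okta1.xxx.com" : "okta1",
   // "old.xxx.com" : "okta9",
   "okta3.xxx.com" : "okta3"
]
saviynt.domain.login.options = [
  "okta1.xxx.com" : "okta1" ,
  "okta2.xxx.com" : "okta2"
]
'''

PAIR = re.compile(r'''["']([^"']+)["']\s*:\s*["']([^"']*)["']''')
POPUPS = ("customer.domain.login.options", "saviynt.domain.login.options")

def strip_comments(text):
    # Drop whole-line // comments only: cutting at any "//" would also
    # truncate the "http://..." entity IDs.
    return "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("//"))

def read_map(text, name):
    """Return the flat string map assigned to `name` ({} if it is absent)."""
    m = re.search(r"^\s*" + re.escape(name) + r"\s*=\s*\[(.*?)\]", text, re.S | re.M)
    return dict(PAIR.findall(m.group(1))) if m else {}

def check_login_options(text):
    """List popup entries whose right-hand key is missing from ecm.login.options."""
    text = strip_comments(text)
    idps = read_map(text, "ecm.login.options")
    problems = []
    for popup in POPUPS:
        for label, key in read_map(text, popup).items():
            if key not in idps:
                problems.append(f"{popup}: '{label}' -> '{key}' is not in ecm.login.options")
    return problems

if __name__ == "__main__":
    print("\n".join(check_login_options(SAMPLE)) or "login options are consistent")
```
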

adriencosson
Regular Contributor III

Thanks Rushikesh,

I have been checking that document as well; I am simply asking whether Saviynt's local database can actually be an option in one of my IDPs.

Regards,
Adrien COSSON

That option is always available unless blocked by Saviynt.

https://<domain>/ECM/login/authsaviynt

https://forums.saviynt.com/t5/identity-governance/enable-local-authentication/m-p/15310


Regards,
Rushikesh Vartak

adriencosson
Regular Contributor III

OK, so if I understand correctly:

  • For the demo users I want to connect with Saviynt's local database, I must set the following URL in the Authentication Groovy URLs options: https://<tenant>.saviyntcloud.com/ECM/login/authsaviynt
  • I need to set the attribute localAuthEnabled to true / 1 for these demo users.
  • Last question: How is the given "bypass" URL /ECM/login/authsaviynt disabled from the configuration files? In other words, how do I keep this URL up even if I have multiple IDPs as a backup plan?

Regards,
Adrien COSSON

It's managed at the server level. Usually, if your server is managed by Saviynt (saviyntcloud.com), they deny access and allow it to be used only by the Saviynt internal VPN.


Regards,
Rushikesh Vartak

adriencosson
Regular Contributor III

All good sir, thanks a lot for your help!

I am going to test this out and post the solution once done with testing!

Regards,
Adrien COSSON