You are here

You are here

Mixing SSO and Password Login

Activating SSO for an account does not replace the ability for customers to also leverage the SpringCM login page. It is possible to setup an account so users can both use a username/password and SSO.

If SSO is configured for an account, the following are some scenarios why password authentication may want to be enabled as well:

  • Users need to use non-SSO enabled access methods to SpringCM. Access methods that require username and password include Webdav and SFTP.
  • Code written against the SpringCM API may need to connect in an administrative context instead of in the context of a logged in user.
  • Users that have administrative access to SpringCM may not always want to be logged in as an Administrator. In this case, a second user may be created to be used strictly for logging in for administrative purposes.
  • Customers may want to grant access to their SpringCM account to users such as guests, temporary contractors, and partners that they don't want to add to their enterprise user repository used by the SAML Identity Provider.

For these cases, SpringCM allows you to choose how you want your account to behave when using SAML SSO. Start by choosing a default: either all users are allowed to create passwords in addition to SSO or all users are not allowed to use passwords by default. To set the account default navigate to Preferences then Security. Under the Passwords header choose the default under the option Allow Password Login for SSO Users as shown in the following diagram. After the default is set, you may selectively override the default for a user by clicking on that user in the Address Book and changing the value set for the Allow Password Login option as shown in Address Book diagram below.

passworddefaults.png

addressbookpasswordlogin.png