EasySSO with SAML can be configured in three different modes:
- Redirect to SAML IdP on access to any URL, except the login page. This will allow users to log out and use a local identity to log in again.
- Redirect to SAML IdP on access to any URL including the login page (a.k.a. "forced SAML mode"). This will require everyone to always go via IdP.
- Display a SAML Login button next to the default password-based credentials entry form on the login page. This may be used if you want to offer SAML login as an alternative to the local login e.g. when you have internal and external users accessing your services.
This configuration can be done in the Look&Feel tab of the SAML authenticator configuration screen.
We have had reports that some of the third-party apps may prevent the display of the EasySSO SAML Login button when a failure occurs.
Troubleshooting
Step 1: Verify the configuration
Step 2: Javascript errors on the login page can stop the rendering of the SAML button so that it becomes not visible. This can be identified in the browser developer tools web console.
Step 3: Verify if the issue is caused by a third-party app by disabling the third-party app. If the SAML Login button loads and displays correctly with the third party add disabled you will need to reach out to their support to report this issue.
Step 4: If the errors are not clear or step 3 did not result in the SAML Login button loading and displaying correctly, please contact TechTime via our Support Portal including a HAR file and logs.