SSO Frequently Asked Questions

General FAQs

Q: What value should the nameID be?

A: The user’s primary email address. This email address must also be the same email address used when the user’s account was created in Core.

Q: Is it possible to bypass SSO?

A: Yes. Users can be flagged to bypass the SSO authentication strategy, which then enables a user to log in using the default username and password strategy.

Q: Is there multiple domain support?

A: Yes. Multiple domains can be configured for SSO (e.g., somedomain.com,somedomain.sub.com).

Q: Are there any other data items we can send in the SAML token, such as name, phone, country, location, etc.?

A: No.

Q: Does Core support real-time new user provisioning based on SAML requests?

A: No.

ADFS FAQs

Q: We’re using ADFS as the IdP. What claim should be configured?

A: Claims should be configured as follows:

  • Claim Rule Template: "Send LDAP Attributes as Claims"

  • Attribute Store: Active Directory

  • LDAP Attribute: User Principal Name

  • Outgoing Claim Type: Name ID

OKTA FAQs

Q: Where can I find the Single Sign On URL (ACS)?

A: The Single Sign On URL can be found in the SP metadata provided by Resolver for the specified environment.

Q: Where can I find the Recipient URL and Destination URL?

A: The Recipient and Destination URL can be the same as the Single Sign On URL, which can be found in the SP metadata.

Q: Where can I find the Audience URI?

A: The Audience URI or EntityID can be found in the SP metadata provided by Resolver for the specified environment.

OneLogin FAQs

Q: What value should the Audience be?

A: The Audience value should be the EntityID provided in the metadata (see <md:EntityDescriptor entityID=.....>).

Q: What value should the Recipient be?

A: The Audience value should also be the EntityID provided in the metadata.

Q: What value should the ACS be?

A: The ACS value should be provided in the SP metadata file (see <md:AssertionConsumerService Location=....>).

Q: What value should the Certificate be?

A: The Certificate is provided in the SP metadata file (see <ds:X509Certificate>.....</ds:X509Certificate>).
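
The OKTA and OneLogin answers above all point at fields in the SP metadata file. The following is an added example, not Resolver's code, that reads the EntityID, the ACS location and the certificate from a metadata document and prints a SHA-256 fingerprint of the certificate so it can be compared with what the IdP stored. The sample metadata, its example.invalid URLs and the certificate bytes are constructed placeholders, and the function name sp_settings is hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample: placeholder host and placeholder bytes, not a real certificate.
_CERT_B64 = base64.b64encode(b"constructed placeholder, not a certificate").decode()
SAMPLE_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://sp.example.invalid/saml/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>%s</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="0" Binding="%s"
        Location="https://sp.example.invalid/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>""" % (_CERT_B64, POST_BINDING)


def sp_settings(metadata_xml):
    """Return the values an IdP connector asks for, read from SP metadata."""
    root = ET.fromstring(metadata_xml)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("root element is not md:EntityDescriptor")
    sp = root.find("md:SPSSODescriptor", NS)
    entity_id = root.get("entityID")  # Audience URI / EntityID
    if sp is None or not entity_id:
        raise ValueError("metadata has no entityID or no SPSSODescriptor")
    # Single Sign On URL (ACS). Assumption: the IdP posts the response (HTTP-POST).
    acs = [e.get("Location") for e in sp.findall("md:AssertionConsumerService", NS)
           if e.get("Binding") == POST_BINDING]
    if not acs:
        raise ValueError("no HTTP-POST AssertionConsumerService in metadata")
    certs = []
    for kd in sp.findall("md:KeyDescriptor", NS):
        node = kd.find(".//ds:X509Certificate", NS)
        if node is not None and node.text:
            der = base64.b64decode("".join(node.text.split()))
            # The fingerprint lets you confirm the IdP stored the same certificate.
            certs.append((kd.get("use", "any"), hashlib.sha256(der).hexdigest()))
    return {"entity_id": entity_id, "acs_url": acs[0], "certificates": certs}


if __name__ == "__main__":
    for key, value in sp_settings(SAMPLE_METADATA).items():
        print(key, "=", value)
```

Run it against the metadata file for each environment separately, since the values differ per environment.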