General FAQs
Q: What value should I use for the nameID field?
A: Use the user's primary email address. It must be the same as the email address on the user's account within Resolver, as entered during the user creation process.
Q: Is it possible to bypass SSO?
A: Yes, you can apply a flag to a user that allows that user to bypass the SSO authentication process. Users that bypass the SSO Authentication process must log into Resolver using their login credentials (username and password).
Q: Can you configure multiple-domain support for SSO?
A: Yes, you can configure multiple domains (e.g., somedomain.com, somedomain.sub.com) through your IdP for SSO. Please refer to the documentation for your IdP for further information.
Q: Are there other data items we can send in the Security Assertion Markup Language (SAML) token, such as name, phone, country, location, etc.?
A: No, only the name, phone number, country, and location can be sent with an SAML token.
Q: Does Resolver support real-time new user provisioning based on SAML requests?
A: No.
Q: Does Resolver support logout redirect URLs?
A: Resolver does not support SSO redirect/logout URLs in the Metadata file.
Active Directory Federation Services (ADFS) FAQs
Q: We’re using ADFS as the Identity Provider (IdP). What claim should be configured?
A: The following claims should be configured when using ADFS as your IdP:
- Claim Rule:
  - Template: Send LDAP Attributes as Claims
  - Attribute Store: Active Directory
  - LDAP Attribute: The attribute that contains the user email addresses set up in Resolver (typically the User Principal Name, but not always)
  - Outgoing Claim Type: Name ID
Okta® FAQs
Q: Where can I find the SSO URL (Assertion Consumer Service)?
A: The SSO URL can be found in the Service Provider (SP) metadata provided by Resolver for the specified environment.
Q: Where can I find the Recipient URL and Destination URL?
A: The Recipient URL and Destination URL are both the same as the SSO URL, which can be found in the Service Provider (SP) metadata.
Q: Where can I find the Audience URI?
A: The Audience URI or EntityID can be found in the Service Provider (SP) metadata provided by Resolver for the specified environment.
OneLogin® FAQs
Q: What value should the Audience be?
A: The Audience value should be the EntityID provided in the metadata (see <md:EntityDescriptor entityID=.....>).
Q: What value should the Recipient be?
A: The Recipient value should be provided in the Service Provider (SP) metadata file (see <md:AssertionConsumerService Location=....>).
Q: What value should the ACS be?
A: The ACS value should also be provided in the Service Provider (SP) metadata file (see <md:AssertionConsumerService Location=....>).
Q: What value should the Certificate be?
A: The Certificate is provided in the SP metadata file (see <ds:X509Certificate>.....</ds:X509Certificate>).
Note: Resolver does not support SSO redirect/logout URLs in the Metadata file.
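The Okta and OneLogin answers above all point to the SP metadata file, so the following added example (not Resolver's own code) reads those values out of a metadata document and maps them to the IdP form fields. The function name, the sample entity ID, URL and certificate bytes are constructed placeholders, and the HTTPS check and certificate fingerprint are extra verification steps assumed here, not Resolver requirements.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample metadata: entity ID, URL and certificate bytes are placeholders.
SAMPLE_CERT_B64 = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.invalid/saml">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_CERT_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="0" Binding="{POST_BINDING}"
        Location="https://sp.example.invalid/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def idp_fields_from_sp_metadata(xml_text):
    """Map SP metadata to the IdP form fields named in the FAQ (hypothetical helper)."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected in SAML metadata")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    entity_id = root.get("entityID")
    acs = [e for e in root.findall(".//md:AssertionConsumerService", NS)
           if e.get("Binding") == POST_BINDING]
    if not entity_id or not acs:
        raise ValueError("metadata lacks entityID or an HTTP-POST ACS endpoint")
    acs_url = acs[0].get("Location", "")
    if not acs_url.startswith("https://"):
        raise ValueError("ACS Location must be an https:// URL")
    cert = root.find(".//ds:X509Certificate", NS)
    der = base64.b64decode("".join(cert.text.split())) if cert is not None and cert.text else b""
    return {
        "audience": entity_id,  # Audience URI / EntityID
        "acs": acs_url, "recipient": acs_url, "destination": acs_url,  # all the SSO URL
        "cert_sha256": hashlib.sha256(der).hexdigest() if der else None,
    }


if __name__ == "__main__":
    for field, value in idp_fields_from_sp_metadata(SAMPLE_METADATA).items():
        print(f"{field:12} {value}")
```

Comparing the printed fingerprint with the certificate shown in the IdP after configuration catches copy-and-paste truncation of the Base64 block.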