General FAQs
Q: What value should I use for the nameID field?
A: Use the user's primary email address. It must be the same as the email address on the user's account within Resolver, as entered during the user creation process.
Q: Is it possible to bypass SSO?
A: Yes, you can apply a flag to a user that allows that user to bypass the SSO authentication process. Users that bypass SSO authentication must log into Resolver using their login credentials (username and password).
Q: Can you configure multiple-domain support for SSO?
A: Yes, you can configure multiple domains (e.g., somedomain.com,somedomain.sub.com) through your IdP for SSO. Please refer to the documentation for your IdP for further information.
Q: Are there other data items we can send in the Security Assertion Markup Language (SAML) token, such as name, phone, country, location, etc.?
A: No, only the name, phone number, country, and location can be sent with a SAML token.
Q: Does Resolver support real-time new user provisioning based on SAML requests?
A: No.
Q: Does Resolver support logout redirect URLs?
A: Resolver does not support SSO redirect/logout URLs in the Metadata file.
Active Directory Federation Services (ADFS) FAQs
Q: We’re using ADFS as the Identity Provider (IdP). What claim should be configured?
A: The following claims should be configured when using ADFS as your IdP:
- Claim Rule:
- Template: Send LDAP Attributes as Claims
- Attribute Store: Active Directory
- LDAP Attribute: The Attribute that contains the User email addresses set up in Resolver (typically the User Principal Name, but not always)
- Outgoing Claim Type: Name ID
Okta® FAQs
Q: Where can I find the SSO URL (Assertion Consumer Service)?
A: The SSO URL can be found in the Service Provider (SP) metadata provided by Resolver for the specified environment.
Q: Where can I find the Recipient URL and Destination URL?
A: The Recipient URL and Destination URL are the same as the SSO URL, which can be found in the Service Provider (SP) metadata.
Q: Where can I find the Audience URI?
A: The Audience URI or EntityID can be found in the Service Provider (SP) metadata provided by Resolver for the specified environment.
OneLogin® FAQs
Q: What value should the Audience be?
A: The Audience value should be the EntityID provided in the metadata (see <md:EntityDescriptor entityID=.....>).
Q: What value should the Recipient be?
A: The Recipient value should be provided in the Service Provider (SP) metadata file (see <md:AssertionConsumerService Location=....>).
Q: What value should the ACS be?
A: The ACS value should also be provided in the Service Provider (SP) metadata file (see <md:AssertionConsumerService Location=....>).
Q: What value should the Certificate be?
A: The Certificate is provided in the SP metadata file (see <ds:X509Certificate>.....</ds:X509Certificate>).
Note:
Resolver does not support SSO redirect/logout URLs in the Metadata file.
Azure FAQs
Q: What value should the Identifier be?
A: The Identifier (Entity ID) value should be the EntityID provided in the metadata (see <md:EntityDescriptor entityID=.....>).
Q: What value should the Reply URL be?
A: The Reply URL value should be provided in the Service Provider (SP) metadata file (see <md:AssertionConsumerService Location=....>).
Q: What value should the Sign on URL be?
A: The Sign on URL value should also be provided in the Service Provider (SP) metadata file (see <md:SingleLogoutService Location=....>).
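The following Python reads an SP metadata file and returns the EntityID, ACS Location and certificate under the field names used in the Okta, OneLogin and Azure answers above. It is an added example, not Resolver's tooling: the sample metadata, its URLs and its certificate bytes are constructed placeholders, and the https check and SHA-256 fingerprint are added verification steps.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample SP metadata: entity ID, ACS URL and certificate bytes are
# placeholders, not values issued by Resolver.
SAMPLE_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://sp.example.test/saml/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>Y29uc3RydWN0ZWQ=</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def sp_values(xml_text):
    """Extract the entity ID, ACS URL and signing certificate from SP metadata."""
    root = ET.fromstring(xml_text)
    entity_id = root.get("entityID")  # XML attribute names are case-sensitive
    acs = root.find("md:SPSSODescriptor/md:AssertionConsumerService", NS)
    cert = root.find(".//ds:X509Certificate", NS)
    if not entity_id or acs is None or cert is None:
        raise ValueError("metadata lacks entityID, ACS or X509Certificate")
    acs_url = acs.get("Location", "")
    if not acs_url.startswith("https://"):  # added check: assertions go to this URL
        raise ValueError("ACS Location is not an https URL")
    cert_b64 = "".join((cert.text or "").split())   # drop line wrapping
    der = base64.b64decode(cert_b64, validate=True)  # rejects non-base64 content
    return {"entity_id": entity_id, "acs_url": acs_url, "cert_b64": cert_b64,
            "cert_sha256": hashlib.sha256(der).hexdigest()}

def idp_fields(v):
    """Map the extracted values to the IdP field names used in the FAQs above."""
    e, a, c = v["entity_id"], v["acs_url"], v["cert_b64"]
    return {
        "Okta": {"SSO URL": a, "Recipient URL": a, "Destination URL": a, "Audience URI": e},
        "OneLogin": {"Audience": e, "Recipient": a, "ACS": a, "Certificate": c},
        "Azure": {"Identifier": e, "Reply URL": a},
    }
```

The fingerprint in `cert_sha256` can be compared with the certificate shown in the IdP after upload to confirm that the value was pasted intact.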
One-click SSO Log In
Q: What are different syntax examples for using the one-click SSO log in feature?
A: Some syntax examples for the one-click SSO log in feature are as follows:
- Login page:
  https://core.resolver.com/#/session?domain=kroll.com
- Bookmarked URLs:
  - Forms:
    https://sandbox.resolver.com/#/applications/▊▊-▊▊-▊▊-▊▊-▊▊/activities/▊▊-▊▊-▊▊-▊▊-▊▊/form/default/object/27727/edit?domain=kroll.com
  - Reports:
    https://sandbox.resolver.com/#/applications/▊▊-▊▊-▊▊-▊▊-▊▊/activities/▊▊-▊▊-▊▊-▊▊-▊▊/report/▊▊-▊▊-▊▊-▊▊/object/1?domain=kroll.com
  - Activities:
    https://sandbox.resolver.com/#/applications/▊▊-▊▊-▊▊-▊▊-▊▊/activities/▊▊-▊▊-▊▊-▊▊-▊▊?domain=kroll.com
- Favorited search results: since searches already contain query values in the URL, the domain must be appended to the URL with an & instead of a ?
  - Search:
    https://core.resolver.com/#/search?searchText%3Dtest&domain=kroll.com
Q: What happens when a user logs out of a session?
A: Users will be redirected to a URL without any specified domain.
Q: What happens when an inactive session expires?
A: If an inactive session expires, since the user details are currently stored in the cache, users will be directed back to the one-click login screen.