SSO & Differential Site Authentication

[David G]

We've successfully implemented SSO for our instance but unless we're missing something it is either on or off for all sites - live, admin, service & customer.

Our 250+ customers will only ever access Service Manager (via service.hornbill.com) from within our corporate network so single sign-on using ADFS is ideal and this works as expected. 

However, our analysts will access the live site from anywhere, both inside and outside the network. What we'd ideally like to do is enable SSO for service.hornbill.com but use password authentication for live.hornbill.com.  Although we can create separate SSO profiles for each site, SSO seems to be either completely on for all or off for all.  We found an single historical forum post suggesting this is true but is this interpretation correct? 

If so, is there anything in the change pipeline to allow differential site authentication?

[TrevorKillick]

Hi David,

Currently that is correct is has been raised by one or two customers previously, their are currently no formal plans to introduce this segregation of SSO between our Application (Live, Admin, Service & Customer), i will raise this again with out development team and see what there thoughts are on this.

There is a Realm setting against an SSO provide User | Guest this differentiates between the Customer Portal and Live, Admin & Service which is currently the only separation. 

Kind Regards

Trevor Killick

[David G]

Okay, thanks for the response, Trevor.  This really would be something we'd be very eager to have as with SSO turned on, you effectively limit a cloud solution to only be accessible from your corporate network.  With SSO turned off, you're effectively discouraging your customer base from actively using the portal by complicating the login process with an additional logon (it takes just the smallest things for users not to use self-service!).

 

[Everton1878]

We'd like the option to be able to access via some sort of SSO bypass as well

If I'm at home I have to use the VPN or connect to our Citrix environment to be able to access the Live and Admin sites

We also have some international users that aren't on our domain and only use Citrix

If they can't get onto Citrix then they'll need to ring or send us an email as they wont be able to access the Service portal

[psybox]

we would also like to see this for admins - but also for service.hornbill too. We have a growing number of staff who work remotely, in clients offices, from home etc. Although they can email in, it stops us from encouraging staff to use the portal and use less email.

[JonNutt]

Don't know if you've seen my update on this post:

I've found a workaround, but it's got limitations and is definitely not a supported route. Mileage may vary but it's an option worth exploring.

Jon.