+16
Under Review

Remove "Login" field after SAML integration.

adam.ellington 3 years ago updated by jhardwick 5 months ago 15 1 duplicate

Have the option to only allow authentication through SAML once it's integrated.

Available in Version:

Duplicates 1

Would like to second this.  We want our page to redirect to our own authentication page that handles authentication and multifactor, before letting them log in to ScreenConnect.   Having the ability to turn this feature on/off from WebConfig Options would be great.

I agree, now that we have SAML working I don't understand why the username, password and login buttons are active.



+1

We allow some of our clients with internal IT to use our ScreenConnect instance. If I link their Azure AD and put the Display Name as them, then it leaks who my clients are to the public. The only alternative is to give them generic names, but then I have to tell my various clients to use the second button, or the third one.


I would really like it if the logon page could match the domain of the user with a given external provider instead of listing the various external providers to the public.


We could simple add a field to the SAML configuration that is the domain name and then it can auto switch.

Wondering if there's any movement on this.  We'd like to activate SAML auth, pairing it with our AD accounts.  But, we don't want them to also be able to log in with their AD accounts.  With this "dual" login option, seems like we're offering them a workaround for the MFA we're imposing.  I see it was under review 3 months ago.  Any progress on that review?  Thanks!  Patrick

Another vote for this please :) obviously with a backup URL so if SAML fails we can still get in using an dedicated admin account with a secondary method. SecretServer has a great implementation for this if anyone needs  some inspiration.

Yeah this would definitely be a good feature.  Even at least removing the Forgot Password? option as this wouldn't be service by Control at all.

For those who want to hide the Forgot Password? link, simply go to Admin > Appearance and edit the LoginPanel.ForgotPasswordLinkButtonText field and ensure that it is empty (no value).

Hope that helps.

We would also like to get directly logged in via our SSO Portal, there should be an attribute - RequestInitiator Biding in SAML for this?

Any update regarding this subject?

I'd love to see a mapping of the domain name to OAUTH user source in Control -- so these 5 domains go to this OAUTH client.. and anything else goes to the local source for example.  

When a user enters their email address Control would know where to send them for login the same way Microsoft does when you enter a domain that is using federated auth.

We would also like to see this feature. We only use SSO, so the login page is redundant. It would be best if the user clicks login and are just signed in with SSO.