+26
Under Review

Remove "Login" field after SAML integration.

adam ellington 5 years ago updated by Cazi 1 month ago 21 2 duplicates

Have the option to only allow authentication through SAML once it's integrated.

Available in Version:
Duplicates 2

Would like to second this.  We want our page to redirect to our own authentication page that handles authentication and multifactor, before letting them log in to ScreenConnect.   Having the ability to turn this feature on/off from WebConfig Options would be great.

+1

I agree, now that we have SAML working I don't understand why the username, password and login buttons are active.



+1

We allow some of our clients with internal IT to use our ScreenConnect instance. If I link their Azure AD and put the Display Name as them, then it leaks who my clients are to the public. The only alternative is to give them generic names, but then I have to tell my various clients to use the second button, or the third one.


I would really like it if the logon page could match the domain of the user with a given external provider instead of listing the various external providers to the public.


We could simple add a field to the SAML configuration that is the domain name and then it can auto switch.

Wondering if there's any movement on this.  We'd like to activate SAML auth, pairing it with our AD accounts.  But, we don't want them to also be able to log in with their AD accounts.  With this "dual" login option, seems like we're offering them a workaround for the MFA we're imposing.  I see it was under review 3 months ago.  Any progress on that review?  Thanks!  Patrick

Another vote for this please :) obviously with a backup URL so if SAML fails we can still get in using an dedicated admin account with a secondary method. SecretServer has a great implementation for this if anyone needs  some inspiration.

Yeah this would definitely be a good feature.  Even at least removing the Forgot Password? option as this wouldn't be service by Control at all.

For those who want to hide the Forgot Password? link, simply go to Admin > Appearance and edit the LoginPanel.ForgotPasswordLinkButtonText field and ensure that it is empty (no value).

Hope that helps.

We would also like to get directly logged in via our SSO Portal, there should be an attribute - RequestInitiator Biding in SAML for this?

Any update regarding this subject?

I'd love to see a mapping of the domain name to OAUTH user source in Control -- so these 5 domains go to this OAUTH client.. and anything else goes to the local source for example.  

When a user enters their email address Control would know where to send them for login the same way Microsoft does when you enter a domain that is using federated auth.

We would also like to see this feature. We only use SSO, so the login page is redundant. It would be best if the user clicks login and are just signed in with SSO.

Has there been an Movement on this wanting to get rid of the local login 

+2

I would like to second this. When using certain browsers with SSO (Azure AD in our case) if you go back to the login screen it auto populates your SSO string in the user name field and this can cause consistent sign in issues with non-tech savvy people. For example if your company uses this tool for IT personal and also for secure remote connection for maintenance staff to access the computer running HVAC control software. The Maintenance staff won't realize how to get around this and sign in with a different user. This is consistently generating some tickets for our Helpdesk. 

Yes please!... we have no users with passwords, please let us remove the option and in turn remove the clicks...

Yes, please have an option disable or at least hide the local account logon fields for customers that use SSO. Also, consider updating the word "Login" to "Sign in" which is the more modern and accurate term these days.