Forum Discussion

David_Bond
2 years ago

SSO used based on Tenant ID

[Thomas Coventry-Brooker requests that…]

It should be possible for different SSOs to be selected based on assignment of Tenant to user.

This could possibly be achieved with:

MyTenantID.MyMsp.logicmonitor.com as the sign-in screen.

(Actually, TCB just said "that's a good idea", but hopefully any approval from him is a good thing)

  • Anonymous

    I’ve asked for this before, but I’m not sure anyone at LM gets it:

    Other multi-IdP connected services prompt for the username first, then based on the username redirect to the appropriate authentication method (local, IdP1, IdP2, etc.). LM still assumes that local logins are the way most people will be doing things, so based on that assumption, they prompt for username and password on the main logon page. If you are SSO (which you might not know you are), you have to click the SSO button to be redirected, put your username in there, then get logged in.

    Essentially, the first logon page should look like this:

    And if you put in a username that doesn’t match any of the configured IdPs, you get this:

    If you were to enter a username that matched a configured IdP, you’d either be

    • logged in immediately because you’re already authenticated with your IdP
    • or prompted to log in to your IdP (preferably in a modal that doesn’t lose your original target page in LM) and then logged in to LM

    What LM has failed to realize is that this single login page could also provide the ability to manage logins to multiple portals at once (and tie into support portal and community logins). If I provide a username to the logon page, LM can easily figure out which portals I have user accounts in. It could populate a dropdown box listing those portals, defaulting to the one I’ve visited most recently (hello cookies). 

    Can you imagine going to logon.logicmonitor.com and logging into any/all your portals at once? Can you imagine LM having a single place to login instead of thousands of logon pages that all should be monitored by the portal owners for nefarious activity?
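
The username-first routing described in the comment above, as an added example that is not part of the original thread and is not LogicMonitor code. The domains, IdP URLs, and the `login_hint` and `return_to` parameter names are assumptions made for illustration.

```python
from urllib.parse import urlencode, urlsplit

# Constructed sample configuration: e-mail domain -> IdP sign-in endpoint.
# Domains and URLs are placeholders, not real LogicMonitor settings.
IDP_BY_DOMAIN = {
    "tenant-a.example": "https://idp-a.example/sso",
    "tenant-b.example": "https://idp-b.example/sso",
}


def safe_return_path(target, default="/"):
    """Accept only same-site relative paths, so the post-login redirect
    cannot be turned into an open redirect."""
    target = target or ""
    try:
        parts = urlsplit(target)
    except ValueError:
        return default
    if parts.scheme or parts.netloc:
        return default
    if not target.startswith("/") or target.startswith("//") or "\\" in target:
        return default
    return target


def route_login(username, return_to="/", idps=IDP_BY_DOMAIN):
    """Identifier-first routing: choose the authentication method from
    the username alone, before any password is requested."""
    name = (username or "").strip().lower()
    domain = name.rpartition("@")[2] if "@" in name else ""
    target = safe_return_path(return_to)
    idp = idps.get(domain)
    if idp is None:
        # No configured IdP matches: fall back to the local password prompt.
        return {"method": "local", "username": name, "return_to": target}
    # An IdP matches: redirect there, carrying the username as a hint and
    # the original target page so it survives the round trip.
    query = urlencode({"login_hint": name, "return_to": target})
    return {"method": "sso", "redirect": f"{idp}?{query}"}
```

Both branches should be served from the same first page with the same response shape, so the username step does not become a way to tell which accounts use which IdP.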