Hi, I am configuring SSO in an application that will use our ADFS (SAML) set up. I think I have done all of the IdP configuration correctly, and the two systems seem ready to talk to each other. The only thing I am wondering, and it may be a silly question, is how do I set up users? I have created a test user with the same UserName as their User ID in our Active Directory, but still have to add a password. Obviously the whole idea of SSO is that the users can log on with their Domain Credentials, so what do I do? I am not creating users on log on as I need to set different roles. I get an incorrect username or password error when I try and log on. There is the possibility that I haven't actually set it up right of course! Thanks

EDIT: I haven't set up different login.html pages for this and I do have some users that won't be using SSO. I'm assuming that this won't work? I need internal users of my company to have SSO access, and external users of the app (clients) to log in without SSO.
2 answers

Hi Ben, 

Please check if you have the following configured, and make sure the needed user roles are passed on in the claims from the AD response:

In the CustomUserProvisioning flow:

The retrieve on UserRole:


When you create a user in Mendix you still have to give him a password. That will just not be used to log in the user (but could still be used if the person knew it). So just create a random complex password when creating the user.

And indeed it is still possible for users that do not have SSO to log in in the normal way. So SAML and the Mendix login can co-exist alongside each other. But since SSO users never know their regular password, the only way for them to log in is to use SSO.
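The provisioning step the answer describes (read the name and role claims from the IdP's assertion, map the roles to application roles, and give the new account a random password that is never handed out), as an added illustration that is not part of the Mendix SAML module or of this thread; the ADFS claim URIs are the standard name and role claim types, the role mapping and the sample assertion are constructed for the example, and the assertion is assumed to have already had its signature validated by the SAML module:

```python
import secrets
import string
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Standard ADFS claim types for the user's name and group/role membership.
NAME_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
ROLE_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
# Hypothetical mapping from AD group names sent by ADFS to application user roles.
ROLE_MAP = {"App-Admin": "Administrator", "App-User": "User"}

# Constructed sample: the AttributeStatement of an (already signature-checked) assertion.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
      <saml:AttributeValue>ben.example</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role">
      <saml:AttributeValue>App-User</saml:AttributeValue>
      <saml:AttributeValue>Unrelated-Group</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def extract_claims(assertion_xml):
    """Return {claim_name: [values]} from the assertion's AttributeStatement."""
    root = ET.fromstring(assertion_xml)
    claims = {}
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text.strip() for v in attr.findall("saml:AttributeValue", NS) if v.text]
        claims[attr.get("Name")] = values
    return claims

def random_password(length=32):
    """Complex password from a CSPRNG; it is stored for the account but never shown to anyone."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))

def provision_user(assertion_xml):
    """Build the account record for a first-time SSO user from the IdP claims."""
    claims = extract_claims(assertion_xml)
    names = claims.get(NAME_CLAIM, [])
    if len(names) != 1:
        raise ValueError("assertion must carry exactly one name claim")
    # Only groups with an explicit mapping become roles; unknown groups are ignored.
    roles = sorted({ROLE_MAP[r] for r in claims.get(ROLE_CLAIM, []) if r in ROLE_MAP})
    if not roles:
        raise ValueError("no recognised role claim; refusing to provision the user")
    return {"username": names[0], "roles": roles, "password": random_password()}
```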