Only allow SSO to Company Portal (not app related)

0
Our company wants to enable SSO for the cloud portal itself (not for applications). We found the documentation here: Set Up an SSO (BYOIDP) | Mendix Documentation   The reason being, if they are terminated, we want out identity provider to stop them immediately instead of having to manually go into the control center and deactivate them.   In order for this to make any sense that would be would have to restrict access to the cloud portal so that SSO is the *ONLY* way to log in. We don't want them to be able to log into their own mendix account with a username and password.   Is this possible when enabling SSO for the platform itself? (ie SSO being the only way to log in). Again this isn't about forcing SSO on any applications, but the playform itself
asked
2 answers
1

Hi Brian,

 

Using SSO basically delegates the login process to your IdP.

If a user is deactivated in your IdP this will prevent the user from doing a new login - the SSO will fail.

As you pointed out, the user will not be deactivated on the platform.

We provide 2 options to deactivate such a user:

- manually via control center

- in an automated fashion via the user deactivation API: https://docs.mendix.com/apidocs-mxsdk/apidocs/user-deactivation-api/

 

I hope this helps, kind regards, Jaap

 

answered
0

Hello Brian ;) 

 

I would break down your concerns in two parts.

 

1) You want SSO to be enabled

2) You want local login to be disabled

 

For 1) Enabling SSO there are very many resources online including the one you have found so that's another concern that it's doable.

 

For 2) something that may help is this marketplace component - Disable Mendix Login

 

image.png

answered