Users can log on with their Identity Authentication credentials when a corporate identity provider is selected as default (for SAML 2.0 applications).
You have chosen a corporate identity provider as default. For more information, see Choose a Corporate Identity Provider as Default.
The Allow Identity Authentication Users Log On option is supported for SAML 2.0 applications only.
- Sign in to the administration console for SAP Cloud Identity Services.
- Under Applications and Resources, choose the Applications tile.
- Choose the application that you want to edit.
  Type the name of the application in the search field to filter the list items, or choose the application from the list on the left.
  If you don’t have a created application in your list, you can create one. For more information, see Create a New Application.
- Choose the Trust tab.
- Under Conditional Authentication, select the Allow users stored in Identity Authentication service to log on check box.
  By default this option is disabled.
  The check box is visible only if you have chosen a corporate identity provider as default.
- Save your selection.
- Pass the parameter idp=<idp_name> with the SAML 2.0 authentication request in the body or URL to use this Identity Authentication tenant for authentication.
  It depends on the service provider whether the parameter can be passed in the body or the URL. Identity Authentication doesn't control how the SAML 2.0 request is sent.
  The idp_name must match the name of the identity provider, configured in the Name field under Tenant Settings. For more information, see Tenant SAML 2.0 Configuration.
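
The following added example (not SAP's code) shows where idp sits relative to SAMLRequest when a service provider uses the HTTP-Redirect or HTTP-POST binding. The endpoint, the identity provider name and the minimal unsigned AuthnRequest are constructed placeholders.

```python
import base64
import zlib
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed sample values (assumptions, not taken from the page).
SSO_ENDPOINT = "https://tenant.example.com/saml2/idp/sso"
IDP_NAME = "example tenant idp"   # must equal the Name field in Tenant Settings
AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_constructed1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z"/>'
)

def redirect_url(sso_endpoint, authn_request_xml, idp_name):
    """HTTP-Redirect binding: raw DEFLATE, base64, then URL-encode.
    idp is a separate query parameter next to SAMLRequest, not part of the XML."""
    comp = zlib.compressobj(wbits=-15)          # -15 = raw DEFLATE, no zlib header
    deflated = comp.compress(authn_request_xml.encode()) + comp.flush()
    params = {"SAMLRequest": base64.b64encode(deflated).decode(), "idp": idp_name}
    return sso_endpoint + "?" + urlencode(params)

def post_form_fields(authn_request_xml, idp_name):
    """HTTP-POST binding: base64 only (no DEFLATE); idp is a sibling form field."""
    encoded = base64.b64encode(authn_request_xml.encode()).decode()
    return {"SAMLRequest": encoded, "idp": idp_name}

def decode_redirect(url):
    """Recover (request_xml, idp) from a redirect URL, e.g. to check what
    a service provider actually sent."""
    query = parse_qs(urlsplit(url).query)
    raw = base64.b64decode(query["SAMLRequest"][0])
    xml = zlib.decompress(raw, wbits=-15).decode()
    return xml, query.get("idp", [None])[0]

if __name__ == "__main__":
    url = redirect_url(SSO_ENDPOINT, AUTHN_REQUEST, IDP_NAME)
    print(url)
    print(decode_redirect(url))
    print(post_form_fields(AUTHN_REQUEST, IDP_NAME))
```

Because idp travels beside the SAML message rather than inside it, inspecting the decoded request alone will not show which identity provider was requested; check the query string or form body as well.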