SAML authentication in multi-tenant environments

Applies to Infiniti v8.6.4 or later
 
Unfortunately, when navigating to the Produce home page, Infiniti does not know which tenancy should be logged into. The default in a forms authentication environment is to present the login page.
 
To allow navigation to a specific tenancy, and therefore to authenticate using SAML instead of forms authentication, Infiniti has the following techniques:
 
  1. When navigating to a specific form, Infiniti is able to determine the tenancy of that form and will therefore use the authentication method defined by that tenancy.
  2. A TenantId may be used to specify which tenancy to log in to, if navigation to the Produce home page is required. The Produce home page in this situation is the normal home page URL with "/b/" and the tenant Id appended. For example, if the tenant Id is 1f0ff6c1-7f29-45fb-9727-1b7b18019f1c and Produce is normally at http://ixtransform.com, then that tenancy can be navigated to at http://ixtransform.com/b/1f0ff6c1-7f29-45fb-9727-1b7b18019f1c.

    The easiest way to determine the Tenant Id is via the multi-tenant management portal. Simply click on the tenancy to navigate to the "edit tenant" screen, then examine the URL, which should have something like:
    TenantEdit.aspx?ID=1f0ff6c1-7f29-45fb-9727-1b7b18019f1c
    on the end. The ID in question is the tenant Id.

Once a SAML Produce instance is navigated to, a cookie is stored on that computer that remembers that SAML login is preferred when accessing that instance of Infiniti. In the unlikely situation where forms authentication is desired, the SAML tenancy must be logged out and cookies cleared.
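
The tenant Id lookup and tenancy URL from technique 2, as an added example (not part of Infiniti): it reads the Id from a TenantEdit.aspx URL, rejects anything that is not a GUID, and builds the "/b/" link. The function names and the portal host name are assumptions made for illustration.

```python
import uuid
from urllib.parse import parse_qs, urlsplit, urlunsplit


def tenant_id_from_edit_url(edit_url: str) -> str:
    """Return the tenant Id carried in a ...TenantEdit.aspx?ID=<guid> URL."""
    parts = urlsplit(edit_url)
    if not parts.path.lower().endswith("tenantedit.aspx"):
        raise ValueError("not a TenantEdit.aspx URL")
    # Match the ID key case-insensitively and insist on exactly one value.
    ids = [v for k, vs in parse_qs(parts.query).items()
           if k.lower() == "id" for v in vs]
    if len(ids) != 1:
        raise ValueError("expected exactly one ID parameter")
    # uuid.UUID raises ValueError for anything that is not a GUID, so no
    # other text can reach the URL path built below. str() gives the
    # lowercase hyphenated form (assumed acceptable to Infiniti).
    return str(uuid.UUID(ids[0]))


def tenant_home_url(produce_url: str, tenant_id: str) -> str:
    """Return <Produce home page>/b/<tenant Id> for one tenancy."""
    tid = str(uuid.UUID(tenant_id))
    parts = urlsplit(produce_url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("Produce URL must be an absolute http(s) URL")
    path = parts.path.rstrip("/") + "/b/" + tid
    return urlunsplit((parts.scheme, parts.netloc, path, "", ""))


if __name__ == "__main__":
    # Constructed sample: the portal host name is a placeholder.
    edit = ("https://portal.example.test/TenantEdit.aspx"
            "?ID=1F0FF6C1-7F29-45FB-9727-1B7B18019F1C")
    print(tenant_home_url("http://ixtransform.com", tenant_id_from_edit_url(edit)))
```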