This article highlights the differences between "Authentication Only" mode and "Strict Mode" when you configure SSO. When choosing between these modes, it is essential to consider your specific requirements as well as your internal onboarding process.
- Authentication Only Mode:
Recommended for organizations that want to manage users' roles, teams, etc. within the Secure Code Warrior Platform. Authentication is managed by the organization's directory services.
- Strict Mode:
Recommended for organizations that want to manage everything, including Secure Code Warrior Teams, Roles, etc., within their own directory service.
Note: For more details about SSO configuration, see the article Setup and Configure Single-Sign-On (SSO).
Below is a table of what can be changed in 'Authentication Only' mode and what cannot be changed in 'Strict Mode' within the admin panel.
| Action | Authentication Only Mode | Strict Mode |
| --- | --- | --- |
| Change a user's role via UI | Yes | No |
| Change a user's team via UI | Yes | No |
| Delete user via UI | Yes | Yes |
| Change user email address via UI | Yes | No |
| Add tags to users via UI | Yes | No |
Q) Why can't I edit users' details within the platform when SSO is configured in Strict Mode?
This is because, in "Strict Mode", the data passed in the SAML assertion overwrites anything set in the platform.
For example, if you change a developer's role to 'Company Admin' within the platform but they aren't also added to the 'Company Admin' group within the identity provider (IdP), the user will be reverted to the developer role upon their next login.