Caffeine
My Domain, SP-Initiated SAML and the Administrator
I got a question from a guy from a customer today about My Domain, SP-Initiated SAML and the Admin login
Background:
- When setting up 'My Domain' and Federated, you can set up SP-initiated AND set it so that all logins must be from the My Domain page (no going to login.salesforce.com)
- Now consider this scenario: they set up SP-initiated and also check the flag to lock logins to be only from the My Domains page. Their IDP goes down. The Admin tries to log in. It seems he is stuck. He goes to the My Domain page, which forwards him to the IdP, which is down. He can't go to login.salesforce.com because of the lock setting.
Question: What do they do?
I believe the only answer is that they cannot lock people to using the My Domains page without risking locking the Admin out in the case of an IDP-down situation. They have to leave open the possibility of going to login.salesforce.com to allow the Sys Admin to log in in an emergency situation.
Thoughts?
If an admin needs to log in directly to the org (IDP is down, etc.), then they can add "?login" to the My Domain URL and use the Salesforce username and password.