Forum Discussion
I've reached out to our support team for some assistance with this one and there are some limitations with SSO implementation currently. If the customers were created using the customer AD pass through, it is currently not possible for them to login from outside the network with those credentials. Once they are created that way we pass the authentication off to IIS, so a VPN would be required.
- You could delete them all and recreate the accounts by importing the list of customers rather then use IIS. They could still log in via the IIS pass through, but if the accounts are created outside of automatically, then they can log in just at the portal as well.
- The second option is as I mentioned already, have them connect via a VPN or login into a local computer using remote access (GoToMyPC etc)
- Haq Saq7 years agoNew Member
Hi @GlennD
I think this is a good compromise until you hit a key barrier:
We have employed your option 1 and therefore now we have the internal AD login enabled and successful. HOWever, when we create new users and this sends them an invitation. Rather than reading the invitation and actioning upon it. They will access the helpdesk through the IIS page or clicking on Active Directory login on the page and overwrite the account we created for them. If they later (2 minutes later) decide to create a password for he accont in case they need access to the helpdesk outside the office (and without VPN). They cant use the activation link anymore. The link now says the account is already activated and the user has never setup a known password. If the user then tries to login through the internet portal and clicks on "Forgotten Password" link. They'll recieve a message: "Could not find a user with that email address."
Isnt there anyway we can just have both without forcing the user to do anything first? This is really rather frustrating not knowing what account is being used - i.e. self registered or the one IT created.
Thanks,
Haq