Skip to main content

Hello everyone

I have a customer using one of my extended enterprise subdomains, plugged into its SSO.

I have activated the function to connect only using the “SAML SSO” button. But as I don’t have credential on my customer SSO, I can not connect.

I can if I’m activating the SMAL_SSO + login/password option… but this is confusing for my customer: half of them connect by clicking on the SAML SSO button, others try with credentials and fail.

So is there an alternate URL for this subdomain where I could connect, with my login/password and not use the SAML SSO button?

@Bouben I have a similar setup with a couple of my tenants. Basically, I log in to my docebosaas.com domain and then impersonate whomever is in the tenant. You can see the dashboard for anyone in this subdomain except for the SuperAdmin.


That is what we do as well.


Hi there,

So if I am reading this correct, you are on your SAAS/Root Domain URL and looking to access the Secondary Domain or Subfolder EE?

If so, head over to the Extended Enterprise and locate the EE and click on the Settings.

 

 

The following page will show. Click on Configure Branding and Look. This will then open in a new tab, but you will see you are now logged into the Secondary Domain/EE and free to navigate around. This works as a Superadmin.

If you need a bypass URL for ‘User’ / ‘Poweruser’ permission level users, you will have to set this up with the OAUTH app.


There is actually a way to work around this, but I’d recommend discussing it with your IT team first to ensure it aligns with your security policies.

  1. Install the API and SSO app
  2. In the app, click API Credentials
  3. Click the Add OAuth2 App button
  4. Enter a name and description of your choice
  5. Enter “admin” in the Client ID
  6. Enter the main platform URL (not the extended enterprise; if it's a custom domain, you can use the custom domain)
  7. Click Advanced Settings and check the boxes for Authorization Code + Implicit Grant and Resource Owner Password Credentials
  8. Confirm
  9. Now to log in without SSO you need to access from the following link (customize the bold red text) https://subdomainurl.com/oauth2/authorize?response_type=token&redirect_uri=https://maindomainurl.com/&realm=resource&client_id=admin

Of course, the client ID “admin” can be replaced with anything you prefer, as long as it’s consistent in both step 5 and step 9.

 


Reply