@tommyVan - you are welcome - happy to help. Listen I think there is a setting that you can flick on to ensure that people only go through their appropriate branch.
“On the Settings page, flag the option to enable login restrictions for the users of your Extended Enterprise. This option can only be flagged globally (for all of the Extended Enterprise clients), it is not possible to set this restriction at domain level.
When this option is enabled, users will be able to log in only to the domain they belong to. If a user attempts to access an Extended Enterprise platform to which he or she is not assigned, he or she will receive an error message and will not be allowed to log in.”
@dklinger You’re great! This whole community is fantastic!
CAUTION: Hey there...careful with this option as it may affect your PU’s and ability to impersonate users...We are also on the Enterprise plan and were told by our CSM that we should not use this option…
Please make sure to test, test, test if you plan on keeping it “ON”
@lrnlab It wouldn’t affect Superadmins, right? We don’t have any PUs that would need to impersonate users besides the ones that live in that branch.
@lrnlab It wouldn’t affect Superadmins, right? We don’t have any PUs that would need to impersonate users besides the ones that live in that branch.
cannot recall so please test it out thoroughly. If memory serves, it was more about the PU’s but I cannot say for sure that the supers were not affected...
So far I can still impersonate, but they can also just login to the main lms, so not sure if the setting triggered? Will let you know what happens.
it will only block if they are in a sub domain so that’s good for you.
So, small update. Because the old URL, lms.flpps.org , is the root tenant, people who login via their specific EE will always have access to the original URL. I have been told this is expected behavior (not a bug) and that there is essentially no workaround. The way this affects me negatively is that all of the branch that now has their own domain can still access the old domain, causing confusion for those who are trying to take agency specific training. Furthermore, it nixes the idea of unifying the agency’s source of truth under the umbrella of active directory. This is ongoing, though, so I’ll try to keep everyone in the loop.
@tommyVan I had posted an idea to have the root removed from the available URLs when on Extended Enterprise but it was shot down. I would have hoped that in these circumstances we could have this option but it doesn't seem like there is any interest.
@tommyVan I had posted an idea to have the root removed from the available URLs when on Extended Enterprise but it was shot down. I would have hoped that in these circumstances we could have this option but it doesn't seem like there is any interest.
What they are doing by shooting that down is essentially forcing us to consume one of the URLs that we purchased in order to have functionality that should be native. Saying that this whole EE implementation has been challenging would be an extreme understatement. Glad to have such an active community to guide us.
Hello, sorry to revive this old thread. I was wondering if anyone knows that when extended enterprise is enabled will someone who tries to sign into the root via SSO be automatically redirected to the extended enterprise URL?
Dont think so as the SSO configuration is usually tied to the domain URL...It’s an easy test to run though...have you tried it?
Unfortunately, I can’t at the moment since the SSO configuration for our branch is not working. We are meeting with Docebo later to see. I just need to know in order to update links that are being sent out. I was hoping that if a customer of one branch landed at the root they would be redirected to their particular branch.
Unfortunately, I can’t at the moment since the SSO configuration for our branch is not working. We are meeting with Docebo later to see. I just need to know in order to update links that are being sent out. I was hoping that if a customer of one branch landed at the root they would be redirected to their particular branch.
That does occur when logging manually but I think with SSO, it would just redirect them to the login method associated with SSO (e.g.: Microsoft online/Azure)