Question

Need help: d\Does anyone use SAML-SSO with EE and mobile app?

  • 19 December 2022
  • 5 replies
  • 62 views

Userlevel 7
Badge +6

We have an EE instance in.leadingre.com/lyon

We did something to our SAML - Auth0 and now any link that begins in.leadingre.com/lyon/* doesn’t work in mobile app - gives a “link type not supported” error.


5 replies

Userlevel 7
Badge +6

@lrodmanI’ll bet that it has to do with the number of levels that you have in your domains. 

https://help.docebo.com/hc/en-us/articles/360020124899-Managing-the-Extended-Enterprise-App

Remember that

  • leadingre.docebosaas.com is Level One
  • in.leadingre.com/lyon is Level Two AND Three, I think
  • ...that would make in.leadingre.com/lyon/* Level 4, (assuming by * you mean another folder level) and as the KB article above says, Learn can only support three levels. See the section “Creating Clients for Your Extended Enterprise” specifically.

So it might not be your SAML/SSO changes that caused the problem, but your domain/folder mappings.

Regards,

KMallette/Viasat, Inc.

Userlevel 7
Badge +6

My understanding would be that 

in.leadingre.com is level 3

leadingre.docebosaas.com is level 3

 

leadingre.com is level 2

.com is level 1

Userlevel 7
Badge +6

@lrodman Anything with docebosaas.com is Level 1...EE picks up after that, so in.leadingre.com is Level 2. I understand that .com is a “level” but for the purposes of Docebo Learn and EE, I think of docebosaas.com working as a single level
 

Our Level 1 is viasat.docebosaas.com

Level 2 is viasatdiscover.com

Level 3 is bbs.viasatdiscover.com  and several others. 

We don’t promote using the mobile app, but about 30% of our users use Go.Learn and they are able to manage properly. We don’t use deep links either, so I can only speak really to the domain level part of this. Would love to hear what you learn. Hopefully your checking with the IT guys that made changes to your SAML/SSO … maybe you need new endpoints in SSO ???

KM

Userlevel 7
Badge +6

By in.leadingre.com/lyon/* I just mean /pages or /learn, etc.

 

I looked at the changes together with IT, it was just allowing in.leadingre.com/lyon/simplesamlwhatever to perform callbacks to the SSO system (Auth0).

 

We’re queued up with support, and hoping this is resolvable. It looks like branded mobile app only supports one url, so if we had our EE customers use custom domains, they wouldn’t be able to use the branded mobile app… not a good spot for me to be in :D

Userlevel 7
Badge +6

@lrodman Actually, now that you mention branded apps, I remember that part of our reason for NOT using a branded app was that it only went with one EE branch.  So in our case, we would have needed to lay out $10K/year for several branches and that just didn’t make sense to us.

Good luck!

KM

Reply