AppNeta Single Sign-On - Adding/Removing Child Organizations from SSO Configuration
search cancel

AppNeta Single Sign-On - Adding/Removing Child Organizations from SSO Configuration

book

Article ID: 257811

calendar_today

Updated On:

Products

AppNeta

Issue/Introduction

SSO can be enabled or disabled for specific Child Organizations that exist under a Parent Organization within AppNeta SaaS allowing you more control on which Organizations SSO Users can be a part of.

Resolution

A User with the Organization Admin role can Enable, Disable and Edit SSO Membership for the Child Organizations by following these steps:

1. In your Organization, go to Manage Identity Providers from the gear drop-down:

 

You will see your SSO Identity Provider Configuration appear on the screen, from here you can disable (or enable) and edit the SSO configuration for your Organization.


***NOTE*** If you wish to remove a Child Organization's membership to a SSO connection, you must disable the SSO Connection from this screen before proceeding.

For our example, our test organization below:

2. In the small cog wheel icon, click on Edit:

3. From the menu which pops up you can enable/disable which child orgs also are part of the SSO configuration with the Checkboxes:

4. Click Save to submit the Organization membership changes in the SSO connection. 

If you disabled the connection earlier to remove a child organization, do not forget to re-enable it!!

 

Additional Information

By default when a Child Organization is selected the SSO User will gain access to ALL of the selected Organizations.  If you wish to restrict Org Access via SSO you will need to add a custom assertion called orgNames and specify which Org they should be a member of by passing the desired org name.

The specifics for this are highlighted in our TechDocs page for SSO under Organization Access: https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/appneta/GA/appneta-overview/system-administration/single-sign-on.html