Two separate Cloud SWG tenants are provisioned: one with Management Center enabled and one for Portal-managed policies.
One Cloud SWG tenant is federated via SAML ([email protected]), but the other Cloud SWG tenant should not be. However, its admin email address belongs to the same domain as the federated tenant ([email protected]).
Because the domain is the same, the user is automatically redirected to the SAML IDP server to authenticate.
Are there any parameters that can be passed to the Portal to force a local login, even though the tenant is federated?
Cloud SWG Portal federated.
SAML Authentication enabled for Portal.
Federation is determined by the email domain: any Cloud SWG admin user on any tenant whose email address uses the same domain will be redirected to the same SAML IDP server.
To force a local login, access https://accounts.saas.broadcomcloud.com/oidc/authorize?okta_admin_flow=1 and then go to portal.threatpulse.com.
By default, the Portal generates an OpenID Connect request to a broker, which eventually reaches the Broadcom Okta authentication server. When the request above comes in, it forces a local login instead of the default SAML redirect to the federated IDP server.
Assuming that you are using the local admin password, you will be logged in locally.
Another option is to create a second admin on this Cloud SWG tenant whose email address uses a domain different from the federated email domain. This is always good practice in case the SAML IDP server is down or inaccessible.