Advanced SSO Settings

Allow Users to Change Password

This feature allows end-users to change their local application password. If disabled, end-users won't be able to reset their local application password, because they won't be able to access the change password and forgot password links; only a system admin can reset their password.

Auto Activate Users on SSO

Enabling Auto Activate Users on SSO will activate deactivated users when they perform SSO in the application. This eases the admin's work, as they won't have to enable deactivated users manually to allow them to perform SSO.

Restrict access to plugin APIs

When enabled, the plugin's APIs will not be accessible from outside of the application. This feature allows you to restrict access to the plugin's APIs to the scope of the application instance.

Remember Me-Cookie

This section allows you to set the Remember-Me cookie. When this option is enabled, a cookie is set in the browser when the user performs SSO. This cookie will allow the user’s session to remain valid until the user explicitly logs out from the application.

The user can switch applications, close the browser or exit the application without logging out. In all these cases the user's session will remain active until a logout action is performed.

Validate IdP's SAML Response (recommended)

Accept a SAML Response with invalid timestamps as long as the timestamps differ by no more than this value, in minutes.

Restrict Duplicate SAML Assertion

This feature allows you to restrict duplicate SAML assertions. If you enable it, SAML messages with a duplicate assertion ID will be blocked by the app. This increases security by preventing SAML replay attacks.
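
The timestamp tolerance and the duplicate-assertion check described above interact: the replay cache has to remember an assertion ID for as long as the tolerance would still let that assertion through. The following is an added example, not the plugin's own code; `AssertionGuard`, `check` and `skew_minutes` are hypothetical names, the sample IDs and times are constructed, and it assumes the assertion's signature has already been verified and its `NotBefore` / `NotOnOrAfter` values parsed.

```python
from datetime import datetime, timedelta, timezone


class AssertionGuard:
    """Hypothetical helper: timestamp window check plus assertion-ID replay cache."""

    def __init__(self, skew_minutes=0):
        # Tolerance for clock drift between IdP and SP, in minutes
        self.skew = timedelta(minutes=skew_minutes)
        self._seen = {}  # assertion ID -> time after which the ID can be forgotten

    def check(self, assertion_id, not_before, not_on_or_after, now=None):
        now = now or datetime.now(timezone.utc)
        # Forget only IDs whose assertions would now fail the timestamp check anyway
        self._seen = {i: exp for i, exp in self._seen.items() if exp > now}
        if now < not_before - self.skew:
            return "rejected: not yet valid"
        if now >= not_on_or_after + self.skew:
            return "rejected: expired"
        if assertion_id in self._seen:
            return "rejected: duplicate assertion ID"
        # Retain the ID until validity window + tolerance has passed
        self._seen[assertion_id] = not_on_or_after + self.skew
        return "accepted"


def demo():
    # Constructed sample: one 5-minute assertion window, 2-minute tolerance
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    nb, noa = t0, t0 + timedelta(minutes=5)
    guard = AssertionGuard(skew_minutes=2)
    return [
        guard.check("_a1", nb, noa, now=t0 - timedelta(minutes=1)),  # early, within tolerance
        guard.check("_a1", nb, noa, now=t0 + timedelta(minutes=1)),  # same ID replayed
        guard.check("_b2", nb, noa, now=t0 + timedelta(minutes=6)),  # late, within tolerance
        guard.check("_c3", nb, noa, now=t0 + timedelta(minutes=8)),  # beyond tolerance
        guard.check("_a1", nb, noa, now=t0 + timedelta(minutes=8)),  # replay after cache purge
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The last case shows why the cache entry can be dropped safely: once the ID is purged, the same assertion is already rejected as expired, so a larger tolerance lengthens the cache retention rather than opening a replay gap.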