If you enable SSO but then can't log in using SSO, you can use the local login to regain access. This is only available to users with the Tenant admin user role. See our knowledge base article, Rescue URL for tenant administrators.
Prerequisites
- In OneLogin, find the SAML test connector, see OneLogin's help topic, Use the OneLogin SAML Test Connector.
- Under the Configuration section, complete these settings:
- ACS (Consumer) URL: "https://<tenant.domain>/sso/saml/callback"
- ACS (Consumer) URL Validator: "https://<tenant.domain>/sso/saml/callback"
Note
If you are using a custom domain, the URLs should be the custom domain name. - Under the SSO section, copy the SAML 2.0 Endpoint (HTTP).
- At this point, it's worth stating that only users that are assigned to this app can log in. So make sure you add your users to the app, see OneLogin's help topic, Assigning Apps to Users.
Procedure
- On the Admin home page, select Settings.
- Under the Sign in section, select the SAML option.
- In the SAML SSO URL, paste the SAML 2.0 Endpoint (HTTP) you copied from the prerequisite step.
- To redirect your users to a different single sign-on URL when they sign out, in the Remote logout URL box, enter the address of the page you want to open.
- Select UPDATE.