Single sign-on (SSO) FAQs
A selection of frequently asked questions about Single Sign On.
What is SSO?
SSO (Single sign-on) is a sign-in method that allows a user to log into one application and access all of their accounts from one place.
What Identity Providers does CodeScan integrate with?
CodeScan can integrate with any Identity Provider that supports SAML 2.0. In the past, we have worked with:
ADFS
Microsoft Azure
Okta
PingOne
What happens to users who try to login via Auth0 when SSO is enabled?
When SSO is enabled, attempting to log in via Auth0 results in the user account being locked out. Once a user begins using SSO Login, they should refrain from using Auth0 and any attempt to log in using Auth0 would create a new account. Since, CodeScan has a constraint of unique email, the user will be unable to log in because there are already two users in the application with the same email address.
Resolution steps: Remove the user from the CodeScan platform and add them back. It necessitates engineering support from CodeScan.
Is it possible to merge SSO with Auth0?
CodeScan can combine an existing Auth0 with SSO if the user's email address matches. This makes sure that after switching to SSO Login, all user-related information, such as user permissions, groups, user tokens, and assigned issues, stays intact.
Why there is duplication of few users when SSO is enabled?
When SSO is enabled, non-Admin users who were using Auth0 authentication before, experience an issue where two users' accounts appear for a single user.
This may occur if:
The user's Identity Provider was incorrectly configured, preventing CodeScan from receiving emails. Merging will only take place if the
Email
field for the SSO user is filled in.The SAML attribute, which the non-Admin user uses to pass the email details to CodeScan, contains a different value than the email associated with the Auth0 user account.
Resolution steps: The users need to review the SSO configuration in their Identity Provider and identify and fix the issue. They must then approach the CodeScan team to request the deletion of the users incorrectly created using SSO.
What happens to users who are logged in to CodeScan before SSO is enabled?
If a user is logged in to CodeScan before SSO is enabled, they will not be automatically logged out but will have to log in through the Identity Provider upon their next login.
If a user's session times out, CodeScan will direct the user back to the Identity Provider to re-authenticate. If the user logs out of CodeScan, the user will have to log into CodeScan via the Identity Provider.
How do I add users to CodeScan after SSO is enabled?
All non-Admin users must log in using the Identity Provider after SSO is enabled. To access your CodeScan organisation, new users must first be added to the Identity Provider.
Note: If your team has single sign-on (SSO) and Enforce SSO
enabled, Admins should not invite new users via the CodeScan app. You must invite new users via your Identity Provider.
Last updated