Problem  Customer migrated all users from username/password to Azure SSO with conditional access, and they planned to change on tenant level "Disable standard login (Ensure SSO is working first, to prevent a lockout.)."    The problem is after changing all users, the API scripts fail now as the login does not work anymore, and we see in the logs a failing on login my manual login as obviously the account is SSO configured for our security baselines.     Customers need to be able to lock down SSO on tenant level and all account levels for security baseline requirements and still support API functionality we use to generate PowerBI dashboards etc.    Solution  This API access is the reason we have the ability to mark accounts as not SSO enabled.       So even though their setting will be to disable SSO for users.  They can individually keep some account SSO disabled so it can be used via patch daemon etc.  When clients enable these settings ,    In such a situation, a login page will not allow standard login, but it can be accessed via API.  Expectation is all logins can only be via SSO, and our login screens behave that way by disabling standard login.   Please Note:   A root can disable its or other users' SSO requirement individually in user management.   So, although such a user can still use standard login, but the same user could be used by patch daemon or API to bypass SSO.   When the “Disable standard login” option is selected. The disable SSO  option is for all users except Root admin and Partition Admin.   User Management can do “Use SSO for authentication” which will disable standard login for user and login  authentication type available in User Management tab, and they can switch all accounts to SSO.              ... View more

Summary  This article will help our SVM customers with how they integrate the Azure SSO with SVM. Steps  Create a sample SVM user with specific SVM modules, which you want to use to copy permissions for Azure AD users to create in SVM Enable SVM SSO from SVM > Configuration > Service Provider Configuration Check the Automatically create new user check box and select the SVM user to copy for permissions. Create an SSO(SAML) application in Azure Portal Edit the Basic SAML Configuration Copy the Metadata URL and SAML URL from the SVM SSO configuration and paste them into the Identifier (Entity ID), Reply URL (Assertion Consumer Service URL).  Edit the User Attributes & Claims and add the attributes as mentioned below and use the account key from the SVM SSO configuration section  Add and assign users or groups from the Users and Groups in the Azure SSO configuration section. Copy the App Federation Metadata URL from Azure and paste it into Provide IdP Metadata URL section of  SVM SSO configuration. Try to login in from the Azure user account to test if you are successfully logging into the SVM.     ... View more