Anywhere - embedded with identity provider

An Identity Provider (IdP) is a system that verifies users' identities and allows them to access multiple applications with a single login, known as Single Sign-On (SSO).

It simplifies user authentication across various platforms while ensuring security through methods like multi-factor authentication (MFA).

Examples include Microsoft Entra ID and Okta.

IdPs also help organizations manage user access centrally, making it easier to enforce security policies. By using standard protocols like OpenID Connect, OAuth and SAML, IdPs enable secure data exchange between systems.

Overall, they streamline user access and enhance security in digital environments.

TARGIT supports IdP through an app registration. Read more about app registration in this article.

Once an IdP has been configured in TARGIT, users can log in with Single Sign-On.

There are some limitations to IdP login, when embedding applications in websites.


From Microsoft Entra ID we have seen errors like:

login.microsoftonline.com refused to connect.


Embedded in an iframe with providerID specified

I’m testing with this URL:

https://targitdemo.com/?page_id=555

Url in the iframe: https://presales.targit.cloud/?providerID=presalesTargitCloud

In this scenario I’m logged in with the user Alvaro Bennett from targitdemo.com domain.

Requirements for SSO to work:

  1. The user must be logged in at the IdP and at the same app registration. In this case I’m using Microsoft Entra ID.
  2. The user cannot have multiple active accounts on the same IdP (here, Microsoft Entra ID).


Known error scenarios:

No active user:

In this scenario, I’m not logged in with any account in Microsoft Entra ID, so Microsoft Entra ID throws an error.

As TARGIT is embedded in an iframe, Microsoft Entra ID does not allow its login prompt to be shown inside the frame, so I get the error "login.microsoftonline.com refused to connect".

If I open the URL directly (https://presales.targit.cloud/?providerID=presalesTargitCloud) in a new browser tab, I get this:

After logging in from a new browser tab, the embedded version works again – but only if I only have one account on Microsoft Entra ID.
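The "refused to connect" message is what Chromium-based browsers show when the framed response forbids embedding, either through an X-Frame-Options header or a Content-Security-Policy frame-ancestors directive. The following added example (not code from TARGIT or Microsoft) evaluates a set of response headers against an embedding page to predict whether the browser would render the frame; the header sets below are constructed for illustration, not captured from the real services, and the function also handles SAMEORIGIN and wildcard hosts beyond the DENY case seen here.

```python
from urllib.parse import urlsplit

def origin_of(url: str) -> str:
    """Scheme + host[:port] of a URL, lower-cased (the browser's origin)."""
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}".lower()

def _source_matches(source: str, embedder: str, framed: str) -> bool:
    """Does one frame-ancestors source expression match the embedding origin?"""
    src = source.lower()
    if src == "'none'":
        return False
    if src == "'self'":
        return embedder == framed
    if src == "*":
        return True
    e_scheme, e_host = embedder.split("://", 1)
    if "://" in src:                      # full origin, e.g. https://targitdemo.com
        s_scheme, s_host = src.split("://", 1)
        if s_scheme != e_scheme:
            return False
    elif src.endswith(":"):               # scheme-only source such as "https:"
        return src[:-1] == e_scheme
    else:                                 # host-only source; simplification: any scheme
        s_host = src
    if s_host.startswith("*."):           # wildcard host matches any subdomain
        return e_host.endswith(s_host[1:])
    return e_host == s_host

def framing_allowed(headers: dict, embedder_url: str, framed_url: str) -> bool:
    """True if a browser would render framed_url inside a page at embedder_url."""
    embedder, framed = origin_of(embedder_url), origin_of(framed_url)
    h = {k.lower(): v for k, v in headers.items()}
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            # When frame-ancestors is present, browsers ignore X-Frame-Options.
            return any(_source_matches(s, embedder, framed) for s in parts[1:])
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return embedder == framed
    return True                           # no framing restriction sent

# Constructed sample responses for illustration (not captured from the real services).
IDP_LOGIN_HEADERS = {"X-Frame-Options": "DENY"}
TARGIT_APP_HEADERS = {"Content-Security-Policy": "frame-ancestors 'self' https://targitdemo.com"}

if __name__ == "__main__":
    host = "https://targitdemo.com/?page_id=555"
    print(framing_allowed(IDP_LOGIN_HEADERS, host, "https://login.microsoftonline.com/"))
    print(framing_allowed(TARGIT_APP_HEADERS, host, "https://presales.targit.cloud/"))
```

Feed it the headers captured from the browser's network tab for the frame that fails: a False result for the IdP redirect explains the error, and a True result for the TARGIT page itself shows why the embed works once the session already exists.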

Multiple active users on same Identity Provider:

When I also log in with my test@targit.com account in Microsoft Entra ID, so that I am active as test@targit.com and alvaro.bennett@targitdemo.com at the same time, it fails again:
