Known Issues: Single Sign-On (SSO) and 2FA/MFA
Who is this article for? IT Personnel responsible for managing SSO config.
IT access is required.
Single Sign-On (SSO) is a session and user authentication service that allows a user to log in to various systems using a single set of credentials. This also allows multi-factor authentication (MFA) to be implemented for enhanced security.
The following issues have been identified with Single Sign-On (SSO) configuration and are outlined in this article:
- SSO did not request username, password and MFA in desktop
- SSO did not request for 2FA in first e-signature
SSO did not request username, password and MFA in desktop
Ideagen Quality Management (Professional) may not prompt for a username and password, followed by 2FA, if a matching SSO account is already linked to the Windows account.
When this takes place, the user is treated as an authenticated user.
This behavior has been identified when using Microsoft Azure Entra as the SSO provider and can be adjusted via the Entra Conditional Access Policy.
To adjust the policy:
- Access your Entra system.
- Browse to the Session section.
- Set the sign-in frequency to Every time.
Once configured, all users will be prompted for authentication.
Note: There is a 5-minute prompt tolerance period from the previous SSO login authentication.
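To confirm the setting took effect, the exported Conditional Access policies can be checked for the sign-in frequency value. The script below is an added example, not Ideagen or Microsoft code: the field names follow the Microsoft Graph conditionalAccessPolicy resource, while APP_ID, the policy names and the sample data are constructed placeholders. It checks application scope, policy state and sign-in frequency only, not which users a policy targets.

```python
# Constructed sample shaped like Microsoft Graph conditionalAccessPolicy
# objects (GET /identity/conditionalAccess/policies). IDs are placeholders.
APP_ID = "00000000-0000-0000-0000-0000000000aa"     # hypothetical SSO app id
OTHER_APP = "00000000-0000-0000-0000-0000000000bb"  # hypothetical unrelated app

def _policy(name, state, apps, sif, excluded=()):
    return {"displayName": name, "state": state,
            "conditions": {"applications": {"includeApplications": list(apps),
                                            "excludeApplications": list(excluded)}},
            "sessionControls": {"signInFrequency": sif}}

EVERY_TIME = {"isEnabled": True, "frequencyInterval": "everyTime",
              "authenticationType": "primaryAndSecondaryAuthentication",
              "type": None, "value": None}
EIGHT_HOURS = {"isEnabled": True, "frequencyInterval": "timeBased",
               "authenticationType": "primaryAndSecondaryAuthentication",
               "type": "hours", "value": 8}

SAMPLE = [
    _policy("QM reauth every time", "enabled", [APP_ID], EVERY_TIME),
    _policy("Baseline 8h session", "enabled", ["All"], EIGHT_HOURS),
    _policy("QM pilot", "enabledForReportingButNotEnforced", [APP_ID], EVERY_TIME),
    _policy("Other app", "enabled", [OTHER_APP], EVERY_TIME),
]

def covers_app(policy, app_id):
    """True if the policy's application condition includes app_id."""
    apps = (policy.get("conditions") or {}).get("applications") or {}
    included = apps.get("includeApplications") or []
    excluded = apps.get("excludeApplications") or []
    return app_id not in excluded and ("All" in included or app_id in included)

def audit(policies, app_id):
    """Split policies covering app_id into enforcing and not-enforcing."""
    enforcing, not_enforcing = [], []
    for p in policies:
        if not covers_app(p, app_id):
            continue
        sif = (p.get("sessionControls") or {}).get("signInFrequency") or {}
        if not (sif.get("isEnabled") and sif.get("frequencyInterval") == "everyTime"):
            not_enforcing.append((p["displayName"], "sign-in frequency is not everyTime"))
        elif p.get("state") != "enabled":  # report-only or disabled never prompts
            not_enforcing.append((p["displayName"], "state is " + str(p.get("state"))))
        else:
            enforcing.append(p["displayName"])
    return enforcing, not_enforcing

if __name__ == "__main__":
    print(audit(SAMPLE, APP_ID))
```

An empty first list means no enabled policy is forcing re-authentication every time for the application.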
SSO did not request for 2FA in first e-signature
If enabled, Ideagen Quality Management (Professional) will require authentication for electronic signatures when carrying out an action in the system.
Behaviour has been observed where multi-factor authentication was not triggered when completing an electronic signature.
This is under investigation by the Ideagen team.