How authentication fallback works
When authentication fallback is configured, BMC Helix SSO invokes a secondary authentication method configured in the authentication chain, and end users are not prompted to log in to applications again.
The following diagram shows a model for enabling authentication fallback in BMC Helix SSO:
If authentication fails at one IdP in the chain, then the request is redirected to the next IdP in the chain. If authentication fails at all IdPs configured in the chain, the system shows an authentication failure message.
To enable authentication fallback, add authentication methods into an authentication chain taking into account the following principles:
If you are using a SAML or OIDC authentication method, do not set them as the first authentication method in the chain.
Add Comment