Enabling authentication chaining mode
As a Remedy Single Sign-On administrator, you can configure several authentication methods for a realm and chain them as required.
You might need to configure an authentication chain for a realm to enable one of the following mechanisms:
- Authentication fallback—when the primary authentication fails, Remedy SSO invokes the alternate authentication methods and end users automatically log in to the applications integrated with Remedy SSO.
- Reauthentication—when an application integrated with Remedy SSO requests to confirm an end user password when an end users tries to perform a critical business action, such as approving a service request, a reauthentication request is triggered.
- Authorization—to provide data for end user authorization on an application side, you can configure Remedy SSO to send user groups from IdPs in the chain in response to a request from the application.
Before you begin
Add a realm and configure an authentication method for it. For information about how to do this, see Adding and configuring realms.
Before configuring authentication fallback, review the authentication fallback chaining principles, described in Authentication fallback.
Before configuring an authentication chain for reauthentication, review Reauthentication chaining principles.
To add an authentication chain for a realm
- In the left navigation panel of the Edit Realm page, click Authentication.
- Click Enable Chaining Mode.
- Click Add Authentication.
- Select a valid fallback authentication type which you can chain with the first authentication type.
- Complete the required fields for the second authentication method.
- Click Save.