Status Already exists
Categories Application
Created by Fabian Henzler
Created on Feb 25, 2015

Bypass SAML2 Login in error cases

We need a way to fall back to login with username and password in cases of errors. Easiest way would be with a URL parameter to pass.

  • Fabian Henzler
    Feb 26, 2015

    Hi Chris,

    thanks for your reply :)

    everything you described is exactly my problem. Our team is working in different time zones all over the world. Frankfurt, Sydney, San Francisco, and many more. When I wake up, the other guys are already having a beer in a bar ;) so my problem is and concretely was this week, that I couldn't log in with SSO because of a little glitch. None of my other colleagues were available to set my account to user/password auth - and they couldn't have done it anyway because all of our users use SSO. result --> I couldn't work, nobody could have worked :(

    in our application we have an emergency switch for such reasons as a URL parameter that lets you log in with username/password in such cases - this switch would have helped me a lot this week, because I had a meeting presenting my new way of working with aha :/ I needed to reschedule, no problem. But working with customers and aha and not everything is in the notebook I need to show at that moment - I always need some sort of fallback to be able to always access the system :)

    awesome product by the way - I'm already an evangelist telling the aha story to everyone ;)

  • Admin
    Chris Waters
    Feb 26, 2015

    It is already possible to bypass the SSO login if you are using password authentication. We always show the email/password login form below the SSO button on the login page.

    Note, however, that if a user account is set to log in with SSO, then we do not allow that user to ever log in with their email address and password. This is because allowing a user to bypass SSO would remove one of the key SSO benefits: centrally disabling all systems for a user. If a user that was disabled via SSO could just bypass it using their password, that would be a problem.