Federated users randomly becoming unfederated
Summary:
Some of our federated users are randomly becoming unfederated. What could be the cause and is there a solution?
Content:
Our process is as follows:
- We create a user in a Domain in OCI
- We edit this user's account and toggle their Federated flag to On, thus disabling local passwords and forcing them to SSO through the IDP we have set up
- Randomly, some users will notice that their Federated flag will be set back to Off, and they are now able to create a local password to log in
We don't sync users with our IDP in the Domain; we merely use the IDP as an authentication factor for the SSO. The users are maintained by creating or deleting them in the OCI Domain. We have examined the logs, but we cannot seem to pinpoint exactly when this takes place, as it is only noticed during an account review, or if a random user cannot authenticate through SSO or is able to create a local password. Has anyone else experienced this? We are seeing it across two separate Tenancies.
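One way to narrow down when the flag changes, as an added example that is not part of the original post: compare two saved exports of the domain's SCIM user list and report users whose federated flag went from on to off. It assumes the exports are SCIM ListResponse JSON in which the toggle appears as `isFederatedUser` under the Oracle user extension schema; the function names, users and timestamps are constructed for illustration.

```python
import json

# Assumption: the Federated toggle is exported as isFederatedUser under this
# SCIM extension schema in the identity domain's user list.
EXT = "urn:ietf:params:scim:schemas:oracle:idcs:extension:user:User"

def federated_map(snapshot_json):
    """Return {userName: (is_federated, lastModified)} for a SCIM ListResponse."""
    users = {}
    for res in json.loads(snapshot_json).get("Resources", []):
        flag = res.get(EXT, {}).get("isFederatedUser", False)
        users[res["userName"]] = (bool(flag), res.get("meta", {}).get("lastModified"))
    return users

def federation_drift(before_json, after_json):
    """List users federated in the earlier snapshot but not in the later one."""
    before, after = federated_map(before_json), federated_map(after_json)
    drifted = []
    for name, (was_fed, _) in sorted(before.items()):
        if name not in after:
            continue  # user was deleted between exports; not drift
        now_fed, modified = after[name]
        if was_fed and not now_fed:
            # The flip happened after the earlier export and no later than
            # lastModified, which bounds the audit-log search window.
            drifted.append({"userName": name, "last_modified": modified})
    return drifted

def _user(name, fed, modified):
    """Build one constructed SCIM user record for the sample data."""
    return {"userName": name, "meta": {"lastModified": modified},
            EXT: {"isFederatedUser": fed}}

# Constructed sample exports (not real users or timestamps).
BEFORE = json.dumps({"Resources": [
    _user("alice@example.com", True, "2024-01-10T09:00:00Z"),
    _user("bob@example.com", True, "2024-01-10T09:05:00Z"),
    _user("carol@example.com", True, "2024-01-11T14:00:00Z"),
]})
AFTER = json.dumps({"Resources": [
    _user("alice@example.com", True, "2024-01-10T09:00:00Z"),
    _user("bob@example.com", False, "2024-02-02T03:17:00Z"),
    {"userName": "dave@example.com", "meta": {"lastModified": "2024-02-01T08:00:00Z"}},
]})

if __name__ == "__main__":
    for hit in federation_drift(BEFORE, AFTER):
        print(hit)
```

Run on a schedule, the gap between two consecutive exports is the window in which to search the audit logs for the change to each reported user.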