SAML harness payload should include the ACS URL
complete
M
Many Marsupial
The Feature request is for Harness to enhance the payload by incorporating the necessary information about the account it has access to. By including this account-specific data in the payload, customers will be able to utilize it effectively within their Identity Provider (IDP) to distinguish between different Harness accounts, such as Production and Sandbox. This addition will significantly improve the overall functionality and usability of the SAML authentication process, enabling customers to seamlessly manage and differentiate their various Harness accounts through the IDP integration.
Log In
Canny AI
Merged in a post:
Support for multiple accounts with SSO
M
Managerial Giraffe
We currently have an account with FME enabled. As part of a separate proof of concept, we had another account created to prove out IDP. We wanted to use SSO with both accounts, however, we are unable to do so due to Harness omitting the AssertionConsumerServiceURL from its AuthNRequest. Since no AssertionConsumerServiceURL is available to reference, the default reply url configured on our side in Azure is used. When we want to SSO to the other account, we have to update the default reply URL to the other account. While this is somewhat manageable for our situation since it is just a proof of concept, it means a single organization would not be able to support multiple accounts.
Prateek Mittal
complete
Prateek Mittal
pending feedback
Prateek Mittal
under review
Prateek Mittal
Hi Jetal, Can you give an example of the payload you are referring to? We currently support the integration with IDPs which are mentioned here - https://developer.harness.io/docs/platform/Authentication/single-sign-on-saml. To further clarify, will you be open to join a call to discuss this further.