Pros and cons of Just-in-time provisioning and Synchronized cloud directories.
2 Step Login
Redirect to specific SAML identity providers based on email domain, user directory or group memberships.
Many organizations have multiple user groups with various login requirements. While SSO to Atlassian application is typically setup as the default login mechanism for most users, it is also commonly necessary to give user who are not a part of the corporate user databases (for example external consultants, system admins and interns) access. 2 Step Login allow you to align one or more SAML identity providers with traditional and native username / password login.
When 2 Step Login is set up, users are asked to type their username but not the password in the login form. Then based on properties of the particular user, he or she is redirected to the relevant SAML identity provider or simply asked to type the built-in password.
The following three redirect modes are available for 2 Step Login in the Kantega SSO Enterprise app:
- Email domain - Redirect user based on the domain part of their provided username.
- User directory - Redirect user based on the user directory they are stored.
- Group memberships - Redirect user based on the groups they are members of.
2 Step Login is enabled and configured in the Redirect mode page in the identity provider setting. The following video demonstrates both how to setup this and this plays out in practice for the users.