A user who does not have an account at the tenant can be prompted to register during a single sign-on transaction. You can ask the hosting administrator to set up a partnership where an external service, such as Google or Facebook serves as the IdP. The user has to have an account with the external IdP to authenticate.
When a user requests a protected resource, they are redirected to an external IdP for authentication. After successful authentication, the IdP sends the user back to the SSO service where the user is prompted to register. Registration is optional.
The user is not limited to one external IdP. However, selecting a different external IdP for a subsequent request requires that they self-register again as a new user with a new account.
During the self-registration process, a user can set their password. If the user sets the password, the user can then log in to the application directly with a user name and password. If the user does not set the password, the user always has to log in with the external IdP first.
|
Copyright © 2014 CA.
All rights reserved.
|
|