How to force users to re-authenticate with SSO at each login

Symphony admins can force users to re-authenticate with Single Sign-On (SSO) every time they sign in to Symphony if desired. Otherwise, users won't be forced to re-authenticate their credentials each time they log in.

To enable re-authentication with SSO:

  1. In Symphony, select the Settings icon.

Settings_Icon.png

  1. Select Admin Portal.

Note: This option is only available if you're a designated Administrator with Admin Portal access.

  1. Select Begin Session.

Note: Session Objective and Comments are optional fields and are not required to access the Admin Portal.

  1. Enable Require users to re-authenticate with SSO at every Symphony login from Configure SSO under Company Settings.

When this checkbox is enabled, the forceAuthn attribute in the SAMLRequest sent to IdP of SSO is set to true. It is the forceAuthn attribute that determines whether re-authentication is required or not.

Further information on the forceAuthn attribute can be found here.

If you have any questions about this feature, please contact Symphony Support at support@symphony.com