User Facing Login Issues with SSO

royabhishek92
New Contributor

User Facing Login Issues with SSO

We have recently enabled SSO Login for our workspaces and using it for a while.

 

Got a strange error this morning and contacted the Support Agent for assistance.

 

It turns out that the account was inactivated  - possibly due to password expiry.

 

Can someone confirm if the Anaplan  Password is still set to auto-expire in 3 months for SSO Login setups as well?

 

Attached the Error User got during Login

3 REPLIES 3
rob_marshall
Moderator

Re: User Facing Login Issues with SSO

@royabhishek92 

 

This would be a support issue (support@anaplan.com), not so much a Community issue.

 

Rob

Stacey_Gibbens
Certified Master Anaplanner

Re: User Facing Login Issues with SSO

Hi @royabhishek92 

We actually had a similar issue at one point.  We have SSO required for all users.  We have not deployed the Anaplan mobile app.  One user saw the Anaplan mobile app in the Apple app store, downloaded it, and then tried multiple times to log in (outside of SSO). 

Multiple bad attempts will cause the account to be locked.  It was very confusing, because he wasn't disabled from our end and he wasn't disabled in the Administration pages.  It was only after talking with Support when we realized he had been locked on the back end due to multiple bad login attempts.  

My understanding is that SSO completely bypasses the normal username/password method/requirements and therefore the user doesn't even need a password set up in order to use SSO.  (how would they set up a password is SSO is enforced...?)

I hope sharing this experience is helpful for others to read!

Stacey

Sheethal
Certified Master Anaplanner

Re: User Facing Login Issues with SSO

Hi Stacey,

Even I faced the same issue for one of my users.

I believe, even for SSO users, if multiple bad logins are attempted (via non SSO users' log in screen), then the security feature of blocking the user kicks in. In my opinion, instead Anaplan should give an error saying that the user is a SSO based user & he/she should use the SSO log in screen.

With respect to the other point you mentioned, it will make troubleshooting easier if there is a screen which shows the list of such blocked users.

Sheethal N