From 06135aea2fe19981c2007beac3e269009eecf3eb Mon Sep 17 00:00:00 2001 From: Adam Dabrowski Date: Fri, 26 Jan 2024 16:21:04 +0100 Subject: [PATCH] Fix link to anchor for Big Bang --- docs/basics/sso/configuring-sso-in-okta.md | 2 +- docs/basics/sso/migration-from-deprecated-sso.md | 2 +- docs/basics/sso/setting-up-sso.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/basics/sso/configuring-sso-in-okta.md b/docs/basics/sso/configuring-sso-in-okta.md index 33b0cc76c3..ec46422b28 100644 --- a/docs/basics/sso/configuring-sso-in-okta.md +++ b/docs/basics/sso/configuring-sso-in-okta.md @@ -13,7 +13,7 @@ Sauce Labs app from the Okta catalog supports the following features: - [SP-initiated SSO](/basics/sso/logging-in-via-sso/#service-provider-sp-initiated-sso). - [IdP-initiated SSO](/basics/sso/logging-in-via-sso/#identity-provider-idp-initiated-sso). - [JIT (Just-In-Time) Provisioning](/basics/sso/setting-up-sso/#just-in-time-jit-provisioning). -- [Big Bang configuration](/basics/sso/setting-up-sso/#enforce-saml-sso-big-bang-configuration). +- [Big Bang configuration](/basics/sso/setting-up-sso/#enforce-saml-sso---big-bang-configuration). Complete the following steps to set up SAML SSO integration between Okta and Sauce Labs: diff --git a/docs/basics/sso/migration-from-deprecated-sso.md b/docs/basics/sso/migration-from-deprecated-sso.md index 70f81161b6..6f46cb9d83 100644 --- a/docs/basics/sso/migration-from-deprecated-sso.md +++ b/docs/basics/sso/migration-from-deprecated-sso.md @@ -26,7 +26,7 @@ You will have access to the configuration panels of both integrations in the Tea | SP-initiated Flow | The new SSO supports both [Service Provider (SP) initiated and Identity Provider (IdP) initiated SSO](/basics/sso/logging-in-via-sso), whereas the deprecated SSO only supports IdP-initiated flow. | | Email Domains | Assign your [company email domains](/basics/sso/setting-up-sso/#email-domains) to your SSO integration at Sauce Labs to allow for provisioning of new accounts via SP-initiated flow.

The deprecated SSO does not require email domains as it does not support SP-initiated flow. | | JIT Provisioning | In the new SSO, JIT (Just-In-Time) provisioning is enabled by default and cannot be disabled. This means that if a user from your Identity Provider (IdP) does not have a Sauce Labs account, one will be automatically created for them.

However, in the deprecated SSO, it was possible to disable this feature. In such cases, it's important to note that users from the IdP who do not have accounts in Sauce Labs will still be able to provision accounts automatically. Keep this in mind during the migration process from deprecated SSO to the new SSO. | -| Enforce SAML SSO | This [setting](/basics/sso/setting-up-sso/#enforce-saml-sso-big-bang-configuration) is also present in the new SSO, but it is common to both the new SSO and the deprecated SSO. When turned on, it allows authentication only via either the new SSO or the deprecated SSO. When turned off, users can also log in via username and password, in addition to SSO authentication. | +| Enforce SAML SSO | This [setting](/basics/sso/setting-up-sso/#enforce-saml-sso---big-bang-configuration) is also present in the new SSO, but it is common to both the new SSO and the deprecated SSO. When turned on, it allows authentication only via either the new SSO or the deprecated SSO. When turned off, users can also log in via username and password, in addition to SSO authentication. | | User Identifier (NameID) | The [Name ID format](/basics/sso/setting-up-sso/#name-id) must be set to `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress` in the new SSO. The value of the attribute NameID in the SAML response must be a valid email address. We do not accept non-email address values, such as usernames or IDs.

The deprecated SSO accepts any value in NameID, such as usernames, email addresses, or other user identifiers. | | No Unique Identifier String (UIS) | In the new SSO, there is no need to specify the [Unique Identifier String](/basics/acct-team-mgmt/org-settings/#single-sign-on-settings-deprecated-flow) which was used in the deprecated SSO to generate usernames for new users.

Usernames for accounts provisioned via the new SSO are generated according to the [following pattern](/basics/sso/setting-up-sso/#usernames). | | Team Placement | New users are provisioned in the [default team](/basics/sso/setting-up-sso/#team-placement) in the new SSO, unlike the deprecated SSO where you can specify a team for new user provisioning. | diff --git a/docs/basics/sso/setting-up-sso.md b/docs/basics/sso/setting-up-sso.md index b779fec338..d3f6164688 100644 --- a/docs/basics/sso/setting-up-sso.md +++ b/docs/basics/sso/setting-up-sso.md @@ -20,7 +20,7 @@ Sauce Labs supports the following features: - [SP-initiated SSO](/basics/sso/logging-in-via-sso/#service-provider-sp-initiated-sso). - [IdP-initiated SSO](/basics/sso/logging-in-via-sso/#identity-provider-idp-initiated-sso). - [JIT (Just-In-Time) Provisioning](#just-in-time-jit-provisioning). -- [Force authentication](#enforce-saml-sso-big-bang-configuration). +- [Force authentication](#enforce-saml-sso---big-bang-configuration). ## What You'll Need