Skip to content
English - United Kingdom
Sign in
  • There are no suggestions because the search field is empty.

How does login work with SSO and password login?

SpeakUp routes each User to the right login path based on three things:

  1. How many Identity Providers (IdP) are configured.

  2. Whether email domains are mapped.

  3. Whether password login is enabled.

This article explains how those settings combine at login.

Refer to How do I add SSO to the system?, How do I add an additional Identity Provider?, and How do I enable password login alongside SSO? for the configuration steps that feed into this flow.

The login flow:

When a User opens the login page and enters their email address, SpeakUp checks the email domain against the configured Identity Providers and the password-login setting, and routes the User accordingly.

Configuration Domain check If domain mapped If domain not mapped If unauthorised in IdP
One IdP, no domain mapped, password login off Not applicable, all Users redirected All Users redirected to the IdP login page All Users redirected to the IdP login page Error shown
One IdP, domain mapped, password login off (unlikely scenario) Domain verified against the mapped domain Redirected to the IdP and signed in on return Error shown Error shown
One IdP, password login on Domain verified Redirected to the IdP and signed in on return Password input shown, User authenticates with password Error shown
Two or more IdPs, password login off Domain verified Redirected to the matching IdP and signed in on return Error shown Error shown
Two or more IdPs, password login on Domain verified Redirected to the matching IdP Password input shown, User authenticates with password Error shown

 

  • Email domains are only validated against enabled Identity Providers. Removing an Identity Provider removes its domain mappings from the login flow.
  • For SSO Users, SpeakUp identifies the account by the Identity Provider's stable user ID, not by email. If a User's email changes in the Identity Provider, they keep access to their existing SpeakUp account.
  • SSO error messages and password-login error messages (incorrect credentials, too many attempts) are distinct, so Users get an accurate explanation of why a login attempt failed.