SSO Authentication

SAML2 SSO works a bit differently. The username and password are not entered on the WMS Cloud login page. Instead, the user clicks the “Login using SSO” button (which becomes available after the SSO configuration has been set up by following the SR process mentioned earlier). The page is redirected to the Identity Provider’s login page, where the user logs in with the username linked to the IDP (this is stored in the “Alternate username” field in WMS Cloud). If the authentication succeeds, a token is returned to WMS Cloud and the user is logged in to the application.

Note: Because SAML2 is a web-based standard, this mechanism can be used only to log in to the WMS Cloud web UI. RF or App login has to use either local authentication or OAuth2 authentication. The same user can be linked to both SAML2 SSO and OAuth2 backends (the IDP has to be the same in this case), so the same user can log in via SSO to the Web UI and via OAuth2 on the RF.

SAML2 SSO backends that have been validated against WMS Cloud are Oracle IDCS and Azure AD.