| More control of onboarding users from external Identity Providers |
Onboarding users from external Identity Providers (IdPs) is now enhanced to
allow or not allow users to log in for the first time if their username already exists. On the
Administration > Single sign-on page under General settings, an option to enable or
disable logins with the same username is now provided. This capability can be enabled if you have
the Account-Administrator and the Cloud-Tenant-Administrator role for onboarding users from external IDPs, like OKTA and Microsoft Azure AD, if the username already exists. If this feature is disabled, users cannot log in using the single sign-on IdP, if the user is already associated with another IdP. Users with one or more external IdPs configured, are advised to consider which policy is applicable for their organization and set it accordingly. |