IdeaPlace Single Sign-On (SSO)/Integrated Authentication Overview
The attached documents give an introduction to Single Sign-On (SSO) Integrated Authentication options with IdeaPlace using SAML and RelayStates. An integration with your authentication system requires a contract from IdeaPlace Technical Services. If you would like to have an integration done, submit a ticket to the support system or reach out to your IdeaPlace contact to get the process started.
Authentication - Supporting Users without Email: Following the emergence of a specific use case, we have assessed our capability to handle "dummy" email addresses. For customers that have users in environments that do hold active email addresses, we will now permit an identifier within the email address. This change has been implemented and will work in conjunction with our Single Sign On offering.
The scenario allows real users who only hold "dummy" email addresses to be registered and active in Planview IdeaPlace, but the application will not generate email for them. This protects against DDOS detection and spam email that would be sent from the application to those dummy accounts.
As an example, if a user holds a dummy email address but needs to be registered, their address can now be passed to Planview IdeaPlace in a pre-agreed format, such as: UKfirstname.lastname@example.org
If the "UK-" element is the agreed identifier in this case, the application will identify the "UK-" part of the string through a configuration setting and ensure that system emails are not generated for that user. This setting is held within the instance configuration file and will not be part of the administrator user interface.
Please contact customer care if you have inquiries regarding this use case.
SSO-enabled sites no longer have the option to have a public community within the instance.
IdeaPlace is designed to use our Shibboleth SAML SP service to integrate with customer SSO services that support SAML 2.0.
For more information see the attached SSO Datasheet