Cumulocity IoT SSO login FAQ
What will happen if I delete the local Cumulocity user?
- If you delete the local Cumulocity user and the user logs in again using SSO, the account will be automatically re-created during the first login. If Dynamic Access Mapping is configured, the appropriate roles and permissions will be assigned automatically. Otherwise, the administrator will need to manually assign the necessary roles to ensure proper access to Cumulocity.
Note: - Verified
What will happen if I delete the SSO user?
- If you delete the SSO user, Cumulocity will still have a local user, but because the credentials are not stored in Cumulocity, the login does not work. The administrator must clean up the local user, and the user must sign up again in SSO.
Note: - Verified
What will happen if the local Cumulocity user is still there and the SSO sign-up uses the same email ID / user ID?
- This behavior can be configured per tenant. Depending on the configuration, either an error will be thrown indicating that a local user with the same ID already exists, preventing the SSO login, or the system will allow the SSO login and sign in to the existing local user account.
Note: - Verified
How to assign a default role to a user on SSO sign-up?
- We can use dynamic role mapping in Cumulocity SSO to assign a default role on SSO sign-up. The user can then log in to the default app with limited access controlled by the default role.
Cumulocity documentation
How to get rid of the default Cumulocity basic auth form?
- Use the "Forbidden for web browsers" toggle to disallow the usage of basic authentication for web browsers. (Basic settings - Cumulocity documentation)
Note: - Verified
Is it possible to land the user on a static page and later route the user to the right application based on their role or access?
- Yes, we can create a custom application with a static HTML page and a default global role. Assign the default global role to the user on SSO sign-up using SSO dynamic role mapping, and set this custom application as the tenant default application so that the user is redirected to it by default. The default role will have no Cumulocity access except the custom application.
This custom application will have the logic to check the SSO user’s role and, based on that, route the user to the right application. This routing can happen seamlessly, since these are SSO users and no additional authentication is required.
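A sketch of the routing logic such a landing page could carry, added here as an example and not taken from Cumulocity or its documentation. The role names, the routing table, the no-access page and the `loadCurrentUser` / `navigate` helpers are hypothetical, and the user object is assumed to list its roles in an `effectiveRoles` array of `{ name }` entries.

```javascript
// Added example. Role names and paths below are constructed placeholders.
// Rules are ordered by priority: the first role the user holds wins.
const ROUTES = [
  { role: "ROLE_PORTAL_ADMIN", path: "/apps/administration/" },
  { role: "ROLE_PORTAL_OPERATOR", path: "/apps/devicemanagement/" },
  { role: "ROLE_PORTAL_VIEWER", path: "/apps/cockpit/" },
];
const NO_ACCESS_PATH = "/apps/landing/no-access.html"; // hypothetical static page

// Decide where to send the user. Only paths listed in ROUTES (or the
// no-access page) are ever returned, so nothing in the user object or the
// URL can turn the landing page into an open redirect.
function resolveLandingPath(currentUser) {
  const roles =
    currentUser && Array.isArray(currentUser.effectiveRoles)
      ? currentUser.effectiveRoles
      : [];
  const held = new Set(
    roles.map((r) => r && r.name).filter((n) => typeof n === "string")
  );
  const match = ROUTES.find((rule) => held.has(rule.role));
  return match ? match.path : NO_ACCESS_PATH; // fail closed on no match
}

// Wiring for the page. loadCurrentUser is a hypothetical async function that
// returns the signed-in SSO user; navigate performs the redirect, for
// example (p) => window.location.replace(p).
// The redirect is a convenience only: what the user can open is still
// decided by the roles assigned through dynamic role mapping.
async function routeUser(loadCurrentUser, navigate) {
  let path = NO_ACCESS_PATH;
  try {
    path = resolveLandingPath(await loadCurrentUser());
  } catch (err) {
    // Lookup failed (expired session, network error): keep the safe default.
  }
  navigate(path);
  return path;
}
```

A user who matches no rule, or whose role lookup fails, stays on the no-access page instead of being sent to an application the default role cannot open.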