<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z00009TDgPwCALOkta Classic EngineSingle Sign-OnAnswered2024-07-08T09:37:22.000Z2023-07-21T17:43:07.000Z2023-10-18T15:34:27.000Z

tp2pv (tp2pv) asked a question.

Edited July 21, 2023 at 5:43 PM
Sending the login email address in the SAML for an Authorization Request.

I am rather new to this, so I apologize if this is an obvious question.

 

We have a web application that uses SSO, and it works ok. The problem we're having is that if the user signs out of our app, and a new user signs in using the same system, the Okta authentication flow provisions the first user's credentials.

 

Is there a way to send in the email address of the user attempting to sign into our app in the first Authorization Request, so that Okta will request the credentials if the email address is not the same as the previously signed-in user?

 

Thanks for any help!

  • 2 answers
  • 654 views

  • paul.stiniguta1.508386743840768E12 (Okta, Inc.)

    Hello @tp2pv (tp2pv)​ Thank you for reacting out to our Community!

     

    The reason for this might be the fact that the user still has an active Okta session. In this case on thing that might help would be implementing Single Log Out, this way when a user logs out of the application they will also terminate the Okta session thus forcing the new user to authenticate into Okta with the proper info.

    Please see our doc on Single Log out

    https://help.okta.com/en-us/Content/Topics/Apps/Apps_Single_Logout.htm

     

    Community members help others by clicking Like or Select as Best on responses. Try it today.

    Expand Post
    Selected as Best

  • paul.stiniguta1.508386743840768E12 (Okta, Inc.)

    Hello @tp2pv (tp2pv)​ Thank you for reacting out to our Community!

     

    The reason for this might be the fact that the user still has an active Okta session. In this case on thing that might help would be implementing Single Log Out, this way when a user logs out of the application they will also terminate the Okta session thus forcing the new user to authenticate into Okta with the proper info.

    Please see our doc on Single Log out

    https://help.okta.com/en-us/Content/Topics/Apps/Apps_Single_Logout.htm

     

    Community members help others by clicking Like or Select as Best on responses. Try it today.

    Expand Post
    Selected as Best

  • tp2pv (tp2pv)

    Thank you for your reply Paul. That indeed seems to be the case.

    Instead of implementing the Single Log Out, we ended up adding a configuration option to the application to allow setting the ForceAuth flag to true when sending the authentication request after a logout.

    Thanks for the help!

    Alfredo

    Expand Post
This question is closed.
Loading
Sending the login email address in the SAML for an Authorization Request.