Satish
New Contributor II
2 days ago

Security Setup for Contractor ID

Hi All,

QQ: is there a way to disable SSO login for one account?

We have one user created in OneStream as a contractor, and now we want to enable that user to log in to the OneStream application without SSO.
Our OS app is configured with SSO sign-in, so we get a code whenever we log in, but I wanted to overcome this for the contractor ID. Is there any way that we can disable the SSO login?

Any suggestions, please.

Thanks in Advance.

Thanks
Satish P

5 Replies

  • PKiernan
    OneStream Employee

    You can set up a Native user that logs in using Native Authentication where you use a simple ID and Password stored directly in OneStream.

    • Satish
      New Contributor II

      Hi PKiernan

      Thanks for your reply.
      In our test instance, we have enabled Native login, and I am able to log in without any issues.

      However, my requirement is to use a dedicated technical user for all our automation jobs.

      For example, we have automated our security provisioning via SailPoint using REST APIs and Token. But in the Task Activity log, it shows my name for auditing because I am the one who generated the token. To avoid this, we want to use a contractor user as the technical account.

      In our test environment, this works because I disable the External Authentication Provider, which allows Native login for that contractor account. But in Production, Native login is disabled entirely, so this approach does not work.

      I would like to check if there is any way to disable SSO only for a specific user in Production. The goal is to log in with the contractor account without OTP, access the OneStream application, and generate the required API token using that ID.

      Please let me know if there are any recommended options or best practices to achieve this.

  • T_Kress
    OneStream Employee

    I think in the security window for that user, you can just change this drop-down back to "Not Used" and then they would need a native password which you would provide for them and they will have to change at first log on:

    If this is allowed, then they will log on with their OS username and OS password.

    This is of course, if your customer allows Native Logon which is a server-side setting of True done at initial install.  If that has not been set to True, then you cannot allow native logon IDs.

    You would then have to open a ticket to get this set to True by OneStream support:

    • Satish
      New Contributor II

      Hi Kress,

      Thanks for your reply.
      In our test instance, we have enabled Native login, and I am able to log in without any issues.

      However, my requirement is to use a dedicated technical user for all our automation jobs.

      For example, we have automated our security provisioning via SailPoint using REST APIs and Token. But in the Task Activity log, it shows my name for auditing because I am the one who generated the token. To avoid this, we want to use a contractor user as the technical account.

      In our test environment, this works because I disable the External Authentication Provider, which allows Native login for that contractor account. But in Production, Native login is disabled entirely, so this approach does not work.

      I would like to check if there is any way to disable SSO only for a specific user in Production. The goal is to log in with the contractor account without OTP, access the OneStream application, and generate the required API token using that ID.

      Please let me know if there are any recommended options or best practices to achieve this.

      • T_Kress
        OneStream Employee

        In your production environment, I do not believe what you need is to disable SSO for one user, but instead enable native logon and only use native logon for that one user.  You can leave all other users in production as SSO.  If this is the requirement, I would suggest opening a support case to get native access enabled in production.

        I am not sure otherwise, if there are any other options other than creating an account in your SSO authenticator environment that can be used as this "system logon" and then that ID would use SSO, like all others.

        Maybe someone else will have other ideas.