Why do I have to change my password when I am using SSO login?
Question
When a user logs in to the platform for the first time, they might be asked to change their password, even if they log in via a Single Sign-On (SSO) mechanism like SAML. Why am I presented with this dialog when I log in via an external Identity Provider?
Answer
For security purposes, we require users to change their password after they have received an invitation email that contains their user credentials (see the screenshot below for how such a user is created). This ensures that someone who later gains access to the user's email account cannot use the emailed credentials to access the iGrafx platform. For users who are created after SSO is enabled, we recommend sending an invitation email without user credentials. In that case, the user receives only a link to the platform and can log in via SSO without being asked to enter a new password.
Additional information: When prompted, we suggest entering a sufficiently long and safe password, even if it cannot be used to log in to the platform. This password is not the user's SSO/SAML IdP password, and the user will not be able to log in via SSO with it, because it is stored only on the iGrafx platform. However, the user may use the password for basic authentication against the REST API, if this module was purchased and basic authentication is enabled. The password may also be used to log in via the iGrafx Desktop Client, if a client license is present.