Single Sign-on uses Advanced Authentication for all authenticate processes. Advanced authentication uses methods and chains to provide different authentication methods to the users. When you create an application, Advanced Authentication automatically creates two default chains: LDAP Password Only and Password Only.
If you want to use additional chains than the default chains, you need to create new methods and chains. After you create the new chains, they appear when you create or edit a custom SAML application.
You can select one or more chains for the users to use when authenticating to the SAML application. The users must be able to successfully complete all of the chains selected to be authenticated to the SAML application.
To select chains:
Select one of the following options for Allow Users to Select Chains:
NOTE:There is a corresponding option in the Advanced Authentication chains settings that display the option that you select.
Enables users to select any authentication chain during the authentication process.
Designates the top selected chain as the primary authentication method during the authentication process.
Allows users to customize authentication preferences by selecting the first chain and providing additional options during the authentication process.
Select one or more of the default chains listed, then select Done.
(Conditional) To select different chains.