‎12-14-2017 12:09 PM
Disallow login.do page to restrict users from backdoor entry. Whenever a user try to use /login.do it should redirect to sso login url.
‎12-14-2017 12:35 PM
‎06-08-2019 01:06 AM
‎06-10-2019 01:45 PM
I don't know if this is strictly on point for your use case or not, but I had a similar requirement a couple of weeks ago. In our case, we needed external user redirected to the service portal login, and internal users directed to the UI. I created a role for internal users, assigned it to the groups that needed UI access, then made a small change in the Script include SPEntryPage
Within the getFirstURL function, I added:
getFirstPageURL: function() {
var session = gs.getSession();
this.logProperties('before', session);
var check = session.getRoles();
// has roles and is not a Service Portal page - go to UI16
var nt = session.getProperty("nav_to");
var isServicePortalURL = new GlideSPScriptable().isServicePortalURL(nt);
var redirectURL = session.getProperty("login_redirect");
if (session.hasRole('ncccs_internal') && !redirectURL && !isServicePortalURL){
return;
} else {
if(!session.hasRole('itil')){
session.clearProperty("starting_page");
session.putProperty("starting_page", this.portal);
session.clearProperty("login_redirect");
session.putProperty("login_redirect", this.portal);
}
}
That did the job for us, and no matter how much you tinker with the address bar, access to UI is disallowed unless you have the ncccs_internal role.