Managing Default Role and Project Access for SSO User Accounts.

In some configurations SSO users with a link to Apptio are allowed to log in and view projects and reports. There are 2 ways of managing this functionality.

Default behavior

New SSO user can log into Apptio via a link and open any project / report which has “View Only” permissions. This occurs in cases where SSO configuration specifies a default role for users to “View Only”. Apptio automatically adds the user to Users List and assigns the role.

Prevent new users from accessing Apptio

Solution: Block access for any SSO user not maintained in Apptio user list. To do this, a change to SSO configuration is required which will prevent the user from accessing Apptio altogether.

• File a case with Apptio support to “Prevent new user default access”.
  • Request SSO configuration to the role of “NoAccess”

Allow new user access and redirect to a certain project

Solution: Create and configure a landing page directing new users to contact administration for access.

• Set up a new Project “No Role” and new role “No Role” for each environment.
• Set appropriate view permissions for the project with a note to contact administration.
• Request SSO configuration to default to a “No Role” role.
• Request to configure Apptio system settings “default.lastproject” to “No Role” project.