Question on multiple accounts
Thursday, July 13, 2023 at 08:44amI have a hypothetical question at this time. We may want to request another Onespan account with end users for a specific line of business at our organization. Having multiple Onespan accounts has some limitations.
Users cannot be in two or more accounts in the same environment (all users, including admin users) - this is my understanding. Both accounts would be accessed via the link in The Company Homepage and be SSO based. SSO configuration would be copied to the other account.
Since users cannot be in two or more accounts, how could Access Management users grant end user access to the other account? Please let me know if you have any ideas. Ideally, we would want Access Admins access to both accounts to do access management. However, this does not seem possible.
Reply to: Question on multiple accounts
Thursday, July 13, 2023 at 02:39pmHi Brian,
Thanks for the background information!
Here are some of my thoughts inline:
-"Users cannot be in two or more accounts in the same environment (all users, including admin users)"
You are right that users cannot be in two or more accounts in the same environment. To be more specific, it's the sender email that can't exist in different accounts. But this also means you can have email alias for a sender to be used in a different account (e.g. [email protected] => [email protected] / [email protected]).
- "Both accounts would be accessed via the link in The Company Homepage and be SSO based. SSO configuration would be copied to the other account."
Given the email alias possibility, I would suggest to create another SSO application for the other account, where you linked the email assertion to a new AD user attribute representing the email alias. The attached screenshot is an example in Okta, where I added a custom attribute user.email2.
In this case, [email protected] is the sender email in account A, and [email protected] is the sender email in account B, while the sender uses the same AD account to access both accounts.
Duo