This article relates to our product Simple Sign-On (SSO).

Login Control is a powerful Simple Sign-On feature that enables administrators to control how their users access their applications. Login Control can influence how you want SSO to work in your environment, as well as white-listing an IP ranged, block access altogether or restrict access to certain device or browser types. 

How to Configure Login Control

Login control is configured via the IAM Cloud Admin Portal. If you select Login Control from the left hand side you will be presented with various options. You can chose to edit the default login control policy and apply to all applications or you can set up a login control policy per application. It is extremely flexible!

For each application you can set single sign on to be Forced, Internal Only, or Off for each browser, and can block users from being able to authenticate on certain browsers at all. This is very useful if an application has a compatibility issue with a certain browser. Some applications may be extra sensitive and you do not want to enable Single sign on for that application. You simply can just turn SSO off per application. 

As well as browsers you can control access via different operating systems. For example some applications may not work well with Apple Mac and you can restrict access as needed. 

You can also set an IP range. Anyone connecting using that IP range will be considered to be accessing from an internal location, even if not actually on-premises.

Within the login control window you can also enable authentication using SamAccountName. Once enabled, users will be able to use their SamAccountName as well as their email address. 

If you need any assistance with this feature please do not hesitate to contact us on