Option: Username redirect to another realm configuration
You can optionally configure the redirection of a user to another SecureAuth IdP realm without requiring them to input their username again. This relates to using the Redirect to realm or URL risk check action.
This configuration requires two realms:
Realm A – the initial realm on which end users start the login process
Realm B – the realm to which end users are redirected
Realm A configuration
In Realm A only, make the following configuration.
Note
You can make this configuration in any of the other adaptive authentication policies. The User / Group Restriction policy is used in this example.
Go to the Adaptive Authentication tab.
In the User / Group Restriction section, set the following:
Failure Action
Set to Redirect to realm or URL.
Add RedirectWithToken.aspx?Target= to the beginning of the realm URL. For example, RedirectWithToken.aspx?Target=https://secureauth.company.com/secureauth2.
Save your changes.
Realm A and B configurations
The following steps are required for both Realm A and Realm B.
In the realm, go to the Post Authentication tab.
In the Forms Auth / SSO Token section, click the View and Configure FormsAuth keys/SSO token link.
In the Forms Authentication section, set the Name to a unique, friendly token name.
In the Machine Key section, set the Validation Key and Decryption Key to the same values. Otherwise, if no keys have been generated, keep the default values.
In the Authentication Cookies section, set the Pre-Auth Cookie and Post-Auth Cookie to the same, unique token name set in the Forms Authentication section.
Save your changes.