Simplified Login Experience
Multi-tenant instances now have a streamlined 1-step login experience, replacing the previous 2-step journey and refining Single Sign-On (SSO) redirections. This update also standardizes a “sidedoor” access mechanism to guarantee reliable local login for administrators and users who need a direct, non-SSO path into the system.
Previously, users on multi-tenant environments had to pass through a two-stage process: first entering their email address on a generic multi-tenant login page, and then, after clicking “Next,” being redirected based on SAML (IdP) configuration to a second login page. This design had a clear drawback: users were effectively forced to enter their email address twice before completing authentication.
The login flow has now been consolidated so that the system determines the correct authentication method (SSO or local password) as soon as the user enters their email or opens the instance URL. This removes redundant steps and creates a faster, more intuitive sign-in experience for both SSO and non-SSO users.
In multi-tenant environments, the login page now dynamically adapts based on the user’s email domain and configuration. If the user is an SSO user, entering their email triggers automatic detection of the configured SSO and an immediate redirect to the appropriate Identity Provider (IdP); if the user is a local (non-SSO) user, the system simply prompts for their password on the same screen, without requiring the email to be re-entered.
For dedicated customer instances, the instance configuration now directly drives the authentication experience. When SSO is set as the primary authentication method, users who access the instance URL are taken straight to the SSO provider, skipping the standard login page and giving a seamless SSO-first experience.
The dedicated_instance environment variable controls whether the instance behaves as a dedicated or multi-tenant environment; when dedicated_instance = false, the system presents the login page and prompts users for their email or username. This gives administrators deployment-time control over whether users should always see the login screen or be routed directly via SSO, depending on the customer’s operating model.
A formalized “sidedoor” URL has been introduced to ensure administrators and IT Operations can always access the system, even when SSO is enforced. This special URL bypasses automatic SSO redirection on dedicated instances so that Super Admins and IT Ops can log in via the local login prompt, replacing any previous ad hoc bypass URLs.
To use this capability, admins simply append /sidedoor to the instance URL (for example: https://supportstg.bigfixsm.io/sidedoor) to access the local login page. This is particularly important for troubleshooting scenarios, configuration changes, or SSO-related incidents where IdP access might be unavailable or misconfigured.
For users whose authentication source is configured as “Both” (Active Directory and Cloud Directory), the system continues to prioritize a smooth SSO experience by default. These users are automatically directed to the SSO flow in normal conditions, but can still use the sidedoor URL to reach the local login screen if needed, for example during an IdP outage or SSO incident.
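Because the sidedoor URL skips the automatic SSO redirect, requests to it are worth reviewing. The following is an added example, not part of the product or its documentation: it scans web access logs for requests to /sidedoor and counts those coming from outside the networks administrators are expected to use. The combined log format (as written by a reverse proxy or load balancer in front of the instance), the sample lines and the ADMIN_NETS allowlist are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Hypothetical allowlist: networks that admins / IT Ops are expected to use.
ADMIN_NETS = [ipaddress.ip_network("198.51.100.0/24")]

# Constructed sample lines (combined log format), not real product output.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2025:09:14:02 +0000] "GET /sidedoor HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.44 - - [12/Mar/2025:09:20:11 +0000] "GET /sidedoor/ HTTP/1.1" 200 5120 "-" "curl/8.5.0"
203.0.113.44 - - [12/Mar/2025:09:20:12 +0000] "GET /SideDoor?x=1 HTTP/1.1" 200 5120 "-" "curl/8.5.0"
192.0.2.10 - - [12/Mar/2025:09:21:00 +0000] "GET / HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Mar/2025:09:22:00 +0000] "GET /docs/sidedoor-howto HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_sidedoor(target):
    """True only for the sidedoor path itself; ignores query, trailing slash, case."""
    path = target.split("?", 1)[0].rstrip("/").lower()
    return path == "/sidedoor"

def from_admin_net(ip_text, admin_nets):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:  # hostname or malformed value in the client field
        return False
    return any(ip in net for net in admin_nets)

def audit(log_text, admin_nets=ADMIN_NETS):
    findings = []  # one entry per request that reached the sidedoor URL
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and is_sidedoor(m["target"]):
            findings.append({
                "ip": m["ip"], "time": m["ts"], "status": int(m["status"]),
                "expected_source": from_admin_net(m["ip"], admin_nets),
            })
    return findings

def unexpected_sources(findings):
    # Count sidedoor requests per client IP outside the admin allowlist.
    return Counter(f["ip"] for f in findings if not f["expected_source"])

if __name__ == "__main__":
    print(dict(unexpected_sources(audit(SAMPLE_LOG))))
```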
From a configuration standpoint, administrators should verify the dedicated_instance variable during deployment to ensure the instance behaves as expected—multi-tenant with visible login page or dedicated with SSO-first behavior. They should also communicate the standardized sidedoor URL pattern to customer System Administrators so that emergency local access procedures are clearly documented and understood.
The overall user experience changes can be summarized as follows: multi-tenant SSO users move from a 2-step process to a direct “enter email → auto-redirect to IdP” flow; multi-tenant local users move from a 2-step process to a cleaner “enter email → enter password” flow with no email re-entry; and sidedoor access is now provided via a standardized, documented URL instead of custom bypass links.
Together, these enhancements deliver a faster, more reliable, and more supportable login experience across BigFix Service Management environments.
| Scenario | Old Behavior | New Behavior |
| --- | --- | --- |
| Multi-Tenant SSO User | 2-step process | Enter Email => Auto-redirect to IdP |
| Multi-Tenant Local User | 2-step process | Enter Email => Enter Password (no email re-entry) |
| Sidedoor Access | Custom URL | Standardized "Sidedoor" URL for bypass |