Question
NFCU
US
Last activity: 14 Jan 2025 13:16 EST
Tracing SSO activity with PEGA WFI
I am working with a client that is wanting to use WFI to identify which applications do not have SSO enabled.
When an end user navigates to a URL for an application where SSO is enabled, there would be a SAML response. Does WFI capture the SAML response, or at minimum, an indicator that there was a SAML response?
If it does, then in theory, we want to run a query that returns endpoint urls that our pool of users visits throughout the day, and exclude ones where a SAML response was received. This will leave us with a list of urls where SSO is not enabled.
@MichaelB17369855 WFI helps identify which applications do not have SSO enabled by tracking the URLs users access during their workday. While WFI does not directly capture SAML responses or network-level authentication details, it can record the endpoint URLs visited by users. To find applications without SSO, you can run a query to gather all URLs accessed and compare them against the SAML activity logs from your Identity Provider like Okta or Azure AD. If a URL appears in WFI but has no corresponding SAML response in the IdP logs, it likely means the application does not have SSO enabled. Although WFI cannot detect SAML responses itself, you can use login redirection patterns or post-login landing pages as indirect indicators of SSO usage. For a more accurate approach, consider combining WFI data with your IdP and security tools like Splunk or Azure Sentinel to cross-check user activity and authentication logs. This combined analysis can provide a clearer view of which applications still need SSO configuration. Please let me know if you have any questions on this. Thanks.
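The cross-check described in the answer, as an added worked example that is not part of the original thread and is not Pega WFI or IdP code: it takes a list of WFI-style navigation records and a list of IdP SAML assertion records, both constructed here with placeholder hostnames, and labels each application host with the strongest SSO evidence found. Direct evidence is a successful SAML assertion from the IdP for the same user and service-provider host within a time window of the visit; indirect evidence is the redirection pattern the answer mentions, an app visit followed within seconds by a request to a known IdP host in the same user's stream. Hosts with neither are the candidates for "SSO not enabled". The record field layouts, the window sizes and the hostnames are assumptions; real WFI exports and IdP logs (Okta, Entra ID) will need their own field mapping before this logic applies.

```python
"""Cross-check WFI browsing records against IdP SAML logs to find application
hosts that never show SSO evidence. All records below are constructed samples;
the tuple layouts are assumptions, not a WFI or IdP export format."""
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed WFI-style navigation records: (user, ISO timestamp, URL visited)
WFI_EVENTS = [
    ("alice", "2025-01-14T09:00:05", "https://crm.example.test/dashboard"),
    ("alice", "2025-01-14T09:00:07", "https://idp.example.test/sso/saml?SAMLRequest=..."),
    ("alice", "2025-01-14T09:00:12", "https://crm.example.test/dashboard"),
    ("alice", "2025-01-14T09:30:00", "https://legacy-hr.example.test/login.jsp"),
    ("bob",   "2025-01-14T10:15:00", "https://wiki.example.test/"),
    ("bob",   "2025-01-14T11:00:00", "https://legacy-hr.example.test/login.jsp"),
    ("bob",   "2025-01-14T11:00:30", "https://legacy-hr.example.test/home"),
    ("bob",   "2025-01-14T12:00:00", "https://expenses.example.test/"),
    ("bob",   "2025-01-14T12:00:03", "https://idp.example.test/sso/saml?SAMLRequest=..."),
]

# Constructed IdP SAML assertion log: (user, ISO timestamp, service-provider host, outcome).
# Note that expenses.example.test has no IdP entry, so only the redirect pattern can flag it.
IDP_SAML_EVENTS = [
    ("alice", "2025-01-14T09:00:09", "crm.example.test", "success"),
    ("bob",   "2025-01-14T10:14:50", "wiki.example.test", "success"),
]

# Hostnames that belong to the IdP itself (assumed); they are never "applications".
IDP_HOSTS = {"idp.example.test"}


def parse_ts(ts):
    """Parse the ISO-8601 timestamps used in the constructed records."""
    return datetime.fromisoformat(ts)


def host_of(url):
    """Reduce a full URL to its lowercase hostname, the key used for matching."""
    return urlparse(url).hostname


def classify_hosts(wfi_events, saml_events, idp_hosts,
                   window=timedelta(minutes=10), redirect_gap=timedelta(seconds=30)):
    """Return {app_host: 'saml' | 'idp_redirect' | 'none'}.

    'saml'         : IdP logged a successful assertion for (user, host) within `window`
    'idp_redirect' : the user's next WFI hit after the app was an IdP host within `redirect_gap`
    'none'         : no SSO evidence found for the host in either source
    """
    # Index successful assertions by (user, service-provider host) -> timestamps
    saml_idx = {}
    for user, ts, sp_host, outcome in saml_events:
        if outcome == "success":
            saml_idx.setdefault((user, sp_host.lower()), []).append(parse_ts(ts))

    # Order each user's visits in time so "next hit" means the next thing they loaded
    visits = sorted(((u, parse_ts(ts), host_of(url)) for u, ts, url in wfi_events),
                    key=lambda v: (v[0], v[1]))

    evidence = {}
    for i, (user, ts, host) in enumerate(visits):
        if host in idp_hosts:
            continue                      # the IdP is not an application to classify
        evidence.setdefault(host, "none")
        if evidence[host] == "saml":
            continue                      # already have the strongest evidence
        # Direct evidence: an assertion for this SP near the visit (either direction,
        # since the visit may precede or follow the IdP's log entry).
        if any(abs(ts - t) <= window for t in saml_idx.get((user, host), [])):
            evidence[host] = "saml"
            continue
        # Indirect evidence: app visit immediately followed by a hop to the IdP.
        nxt = visits[i + 1] if i + 1 < len(visits) else None
        if nxt and nxt[0] == user and nxt[2] in idp_hosts and nxt[1] - ts <= redirect_gap:
            evidence[host] = "idp_redirect"
    return evidence


def no_sso_candidates(wfi_events, saml_events, idp_hosts):
    """Sorted list of application hosts with no SSO evidence at all."""
    ev = classify_hosts(wfi_events, saml_events, idp_hosts)
    return sorted(h for h, label in ev.items() if label == "none")


if __name__ == "__main__":
    for host, label in sorted(classify_hosts(WFI_EVENTS, IDP_SAML_EVENTS, IDP_HOSTS).items()):
        print(f"{host:28s} {label}")
    print("candidates without SSO:", no_sso_candidates(WFI_EVENTS, IDP_SAML_EVENTS, IDP_HOSTS))
```

Matching on hostname rather than full URL matters: WFI records deep links while the IdP logs the service provider, so joining on the exact URL would miss almost everything. The time window is deliberately wide, because clock skew between endpoint telemetry and the IdP is common; tighten it once the two clocks are known to agree. Treat the 'none' list as a review queue rather than a verdict, since an application reached only through an already-established session produces no fresh assertion during the observed day.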