Tenant Selection Reverts Back To Host After Logout When Using SSO

Why does the tenant selection revert back to the host on the Platform UI after logout when using Single Sign-On (SSO) in Automation Suite?

Issue Description: When using Single Sign-On (SSO) for authentication, the selected tenant reverts to the 'host' tenant after the user logs out. This issue is in contrast to the behavior when using basic authentication (username and password), where the tenant selection persists between sessions.


Root Cause: This was a change introduced in 23.4.0. Unlike previous versions, new installations no longer come with a default tenant or organization (org) pre-provisioned. Consequently, users must first access the host tenant to create a new organization. This change impacts how the platform handles tenant selection in the context of SSO authentication.

Starting in versions 23.4.7 and 23.10.4, the tenant selection is preserved.


Resolution:

  • There is no way to fix this except to upgrade.


As a workaround, if using SAML2, it is possible to use IDP-initiated SAML2 to access the site. For example, the IDP might have a landing page of applications that it can authenticate to. Click to go to Orchestrator from there.

Okta, for example, generates a unique URL for each application that uses it for authentication with SAML2. Bookmarking the login page Okta presents would be a way to circumvent this issue. However, these types of solutions depend on the IDP.