1. Login with ESA Admin (main.admin) to URL domain.com/auth/admin
   
    
2. Select correct realm from the top corner
   
3. Open Authentication settings from the left side panel and then choose Efecte-login from the list. If Efecte Login is missing add it from Create flow. Name is usually Efecte Login. 
   
   
   
   
    
4. Add an Execution 
   
   
   
   
    
5. Add new flow to be required.
   
   
    
6. Bind New EFECTE Login form to browser flow (If Bind flow is not offered to Efecte login form it is already in use)
   
   
   
   
    
7. Open Realm Settings and tab Themes. Make sure that Efecte login theme is selected
   
   
    
8. Change Realm User profile attributes settings
   Select correct Realm from dropdown
   Go to Realm settings, User profile -tab
    

Modify email, firstName and lastName attributes.

Set those 3 attributes Required: Off.

Save changes to those attributes.

Configuration is now ready.

How to test login and logoff

1. Create local user into ESM, for example:
   
   
    
2. Go to ESA login page and choose "Credentials Login" and “Login with Matrix42 account”

3. Logout.
4. Login again with different user, and confirm that you see correct user logged in to solution.

If baseline in use you can add Local user to Entitlements from IGA Account template and Attribute called Manually assigned group memberships. Local users, which don't have memberships from directory, must have group memberships assigned in this attribute. Only for administrative use.

If baseline is not in use or is not the newest version you can add the attribute into Person template and edit expression Group info for ESS connector to include manual memberships.

If ESA login works but ESM login not, Check the ESM log called itsm.log (Efecte ESM→ Maintenance→Logs→Download logs→itsm.log)

If ESA login is not working, Check the ESA's server.log (opt/keycloak/standalone/log/server.log) and ESA container log /opt/keycloak/logs/keycloak.log

ESA login is successful, but itsm login screen is displayed. Please check linked article and make sure for example that userlevel is not in use for ESM local users https://docs.efecte.com/iga-support-library/esm-login-process-with-esa

Also note that ESA sends data to ESM in small letters. This means that userID in ESM needs to be in small letters too.

Login is successfully, but local user cannot see anything in ESS.  Please check this article https://docs.efecte.com/iga-configuration-library2/1355364-checklist-user-information-from-esm-to-ess

If ESA javascript mappers need a change, please check this article https://docs.efecte.com/iga-support-library/1812412-esa-custom-javascript-mappers

Login doesn't work and you see http 403 error on browser. Check that your Realms Shibboleth Client has these protocol mappers with other mappers:
urn:mace:dir:attribute-def:principal and com:efecte:ess:user