...
Generally speaking, websudo by using passwords is not possible with users provisioned by JIT, API Connectors, or SCIM. This is because Kantega SSO cannot synchronize or obtain the passwords from the identity provider for such users. Authentication for such users is only possible via SSO, by redirecting to the identity provider. Users then authenticate in the IDP and are redirected back with a proof of identity, i.e. a SAML Response or an ID Token. In version 5.1.0 of Kantega SSO re-login via a SAML or OIDC based Identity Provider has been added to perform websudo (see below image).
...