Symphony Single Sign On
This applies to: Managed Dashboards, Managed Reports
Single sign-on (SSO) allows users to log in once on their workstation, and gain access to multiple systems without being prompted to log in again. This article provides guidelines and summarizes how to use SSO within the Symphony application.
There are multiple ways to accomplish single sign-on:
-
Federated authentication: see Enabling Federated Authentication.
Federated authentication behaves as Single Sign On (SSO), enabling the user to access multiple services without the need for further authentication.
Authentication is possible using SAML 2.0, OpenID Connect (OIDC), Azure Active Directory/Microsoft Identity, JWT, and other protocols.
Automatic logon with federated authentication can be accomplished by setting the custom logon page configuration setting to the authentication URL:
https://yourinstance/AuthBridge/Auth/ExternalAuth
-
Anonymous logon: see How To Enable Anonymous Log On.
Use to provide access to some or all Symphony Managed content without any users needing to take any action to log on.
This is ideal for implementation of a public dashboard/reporting site or kiosk.
Users are automatically logged onto a specific account specified in the application configuration settings Anonymous User Name and Anonymous Password.
-
Embedding Symphony content: see Create and Use Logon and Session Tokens for Symphony.
Your application can use optionally use Symphony's API to create one-time tokens to log in users automatically and securely.
Create and pass a one time logon token to create a session for a specified user and log them on.
Log on through the API and create a session for the user, optionally setting up session properties such as custom attributes, and create a one-time session token the user can use to access that session.
-
Use server-side code to create these one-time time-limited tokens and pass them to your client application's JavaScript or HTML.
Note: You can also use the federated authentication feature to authenticate using JSON Web Tokens (JWTs). These are different from Symphony logon and session tokens.
Comments
0 comments
Please sign in to leave a comment.