Single Sign-On improves security and makes the login process simpler for staff users. For example, if a user is already logged in to their existing identity provider, then accessing Asset Bank could be as easy as clicking a link from their intranet.
It also removes the need to create new user accounts manually, as new staff members in parts of your organisation can automatically be mapped to the relevant permission group. As a result, single sign-on is fast becoming the preferred login option for organisations.
This article provides high-level details of the alternatives available for configuring your Asset Bank so that users do not have to enter a username and password each time they start a new session. Please note that all of these options except the 'remember me' cookie require a professional/enterprise licence.
Integration with a cloud-based SSO technology
There are many different SSO technologies available. Asset Bank’s authentication module has been designed so that we can easily develop new plugins to enable SSO (single sign-on) technologies to be used.
Please note that the following Google and SAML providers are only available with our hosted Asset Bank option, not when Asset Bank is installed on your servers (on-premise).
We have already developed plugins to enable Asset Bank to work with the following SSO technologies:
- Google: How can I configure Google+ Sign In
- SAML 2.0 compliant Identity Providers, including: ADFS, Azure AD, Okta and OneLogin
Please note that LDAP integration is not possible for Asset Banks that are hosted with us; however, it is still an option for customers who choose to host Asset Bank on their own servers (on-premise).
If your organisation uses LDAP then integrating Asset Bank with your LDAP server is a good option. See How do I integrate Asset Bank with an LDAP server?
This does require Asset Bank to be able to connect to your organisation's LDAP server. If your Asset Bank is hosted externally, then your IT team is unlikely to simply allow access. We have clients who have implemented this architecture using VPN tunnels, and we would be happy to discuss this option in more detail.
Active Directory and Integrated Windows Authentication
LDAP integration enables users to use the same username and password as they use to access their computers, but it does not in itself provide SSO.
If your LDAP server is Active Directory, and you use IIS as the web server for your Asset Bank, then we recommend using Integrated Windows Authentication. See Integration with a Web Server.