Users will have a better experience if they do not have to sign in every time they visit your Asset Bank. For example, you might want users to be able to access your Asset Bank seamlessly when they are already logged in to an existing identity provider, or by clicking on a link on your intranet.
This article provides high-level details of the options available for configuring your Asset Bank so that users do not have to enter a username and password each time they start a new session. Please note that all of these options except the 'remember me' cookie require an enterprise licence.
Integration with a third-party SSO technology
There are many different SSO (single sign-on) technologies available. Asset Bank’s authentication module has been designed so that we can easily develop new plugins to support additional SSO technologies.
We have already developed plugins to enable Asset Bank to work with the following SSO technologies:
- Google: How can I configure Google+ Sign In
- SAML-compliant Identity Providers: ADFS, Azure AD, Okta and OneLogin
- Sage Passport
If your organisation uses LDAP, then integrating Asset Bank with your LDAP server is a good option. See How do I integrate Asset Bank with an LDAP server?
LDAP integration does require Asset Bank to be able to connect to your organisation's LDAP server. If your Asset Bank is hosted externally, then your IT team is unlikely to simply allow access. We have clients who have implemented this architecture using VPN tunnels, and we would be happy to discuss this option in more detail.
Active Directory and Integrated Windows Authentication
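LDAP integration enables users to sign in to Asset Bank with the same username and password that they use to access their computers, but it does not in itself provide SSO: users still have to enter those credentials when they start a new Asset Bank session.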
If your LDAP server is Active Directory, and you use IIS as the web server for your Asset Bank, then we recommend using Integrated Windows Authentication. See Integration with a Web Server.