Technical

Options for Single Sign On (SSO)

Follow
Note: SSO is a Professional / Enterprise license feature. Set up fee applies.

Users will have a better experience if they do not have to sign in every time they visit your Asset Bank. For example, you might want users to be able to access your Asset Bank seamlessly when they are already logged into an existing identity provider or from your Intranet by clicking on a link.

This article provides high-level details of the options available for configuring your Asset Bank so that users do not have to enter a username and password each time they start a new session. Please note that all of these options except the 'remember me' cookie require a professional/enterprise licence.

Integration with a cloud-based SSO technology

There are many different SSO technologies available. Asset Bank’s authentication module has been designed so that we can easily develop new plugins to enable SSO (single sign-on) technologies to be used.

Please note that the following Google and SAML providers are only available with our hosted Asset Bank option, not when Asset Bank is installed on your servers (on-premise).

We have already developed plugins to enable Asset Bank to work with the following SSO technologies:

We can only configure one SSO method per site (for example you cannot configure asset bank users to login with both Azure AD and Okta), however you can use an SSO method alongside the default non-SSO (local) user logins if desired.


LDAP Integration

Please note that it is not possible to have LDAP integration for Asset Banks that host with us, however it is still an option for customers who choose to host Asset Bank on their own servers (on-premise).

If your organisation uses LDAP then integrating Asset Bank with your LDAP server is a good option. See How do I integrate Asset Bank with an LDAP server?

This does require Asset Bank to be able to connect to your organisation's LDAP server. If your Asset Bank is hosted externally then your IT team is unlikely to simply allow access. We have clients who have implemented this architecture using VPN tunnels, and we would be happy to discuss this option in more detail.


Active Directory and Integrated Windows Authentication

LDAP integration enables users to use the same username and password as they use to access their computers, but it does not in itself provide SSO.

If your LDAP server is Active Directory, and you use IIS as the web server for your Asset Bank, then we recommend using Integrated Windows Authentication. See Integration with a Web Server.


EncryptedURL Plugin

Asset Bank's ‘EncryptedUrlSSO’ plugin, enables a client's developers to show a link (e.g. on an Intranet) to Asset Bank that includes a user’s details encrypted and encoded, so Asset Bank can create them as a user (if it hasn’t seen them already) and log them in. See EncryptedUrlSSO Specification.

'Remember me' cookie

Asset Bank can show a 'Remember me' checkbox on the login page (this is turned off by default). If this functionality is enabled, and a user checks the checkbox, an encrypted token is stored in a cookie so that Asset Bank can log them in automatically next time they visit. No personal details about the user, other than the encrypted identifier, are stored in the cookie.
This functionality can be enabled by changing the following setting: allowAutoLoginUsingCookie=true


Related articles

Comments

0 comments

Please sign in to leave a comment.