Single sign-on

Overview

In addition to logging in with a user name and a password, it is also possible to log in via Single Sign-On (SSO).

If the property Enable Single Sign-On for a user is enabled, the user can log in via SSO. The property can be found in the lower part of the User settings dialog:

Location

Identity providers (IdPs) for SSO users can be created and configured on the Single Sign-On settings tab of the System information page:

Configuring Single Sign-On

Please be aware that clicking the checkmark (see screenshot below) will write your changes to {{variable.factfinder-ng-product-name}} configuration immediately:

Adding new record to the table requires following attributes:

• Provider key - custom unique provider identifier

• Display name - name displayed on login page

• Issuer URL - URL of the provider endpoint

• Client ID - ID as configured at the provider

• Client secret - Secret as configured at the provider

Logging in with SSO

The display name of a configured identity provider will be shown on the login page. In our example: to log in via the IdP with the display name Microsoft click on LOG IN VIA MICROSOFT:

Each configured IdP will display a log-in button on the login page.

Logging in with credentials

If you want to log in with a username and a password, click instead "Log in with credentials". This will bring you to this screen:

Limitations

Please be aware that SSO users can neither edit nor create non-SSO users. This is forbidden on purpose. This way it is ensured that users who are no longer employees of the company (and are off-boarded at IdP side) don't keep access to NG and cannot find another way to decouple their accounts from the SSO.