SSO Authorization Mode

image_pdfimage_print

The Windows-SSO or “Authorization” is the classic version of SSO.
It uses the standard mechanic of authorizing a user login over the usergroup assignment.
To authenticate the user, additionally to username and password, the groups are used.
Their groups will be mapped and matched against the AD groups.

Pros:
(higher security, less maintenance)
Cons:
(less flexibility)
  • Only user groups need to be created and assigned to their specific roles.
  • User assignment to groups can be controlled over the AD.
  • Users are created automatically. Users must not be created manually inside of Jedox
    (no double maintenance).
  • The assignment of the AD is fixed.
    Out of security perspective also Pro: Groups can’t be added or changed in Jedox.

Steps:

Open Jedox Web and navigate to the “Administration” Tab.

  1. Select “Groups”
  2. Add group

In comparison to simple LDAP it is necessary to create groups in a specific way:

  1. Enter a group name that matches the domain name and the group name of the Active Directory.
  2. Activate this group with “Active” check mark.

To match the AD group name is mandatory. As prefix, the domain name is mandatory, separated through a backslash \
Example:
AD_DOMAIN\AD_groupname

 

  1. Select a role that should be used for this group.
  2. Assign it.
  3. Save the settings.
  4. Now you should see the new added group

  • After a successful login you should be able to see the new user with the same domain prefix assigned to the AD-group.

  • Users will be logged in automatically
  • Users will be created automatically
  • Groups will be assigned automatically
  • If there are several groups which match the AD, the user will be assigned to all matching groups.

 

Next SSO configuration step: SSO Configuration of a Browser as Jedox Web Client and / or SSO Configuration for Excel Add-in

image_pdfimage_print
Was this post helpful?
NoYes (-1 rating, 1 votes)
Loading...