Windows SSO authorization is the classic version of SSO. It uses the standard mechanism of authorizing a user logon over the usergroup assignment. To activate, add windows-sso in the palo.ini.
Groups are used to authenticate the user, in addition to username and password. The groups will be mapped and matched against the Active Directory (AD) groups.
|Pros: higher security, less maintenance||Cons: less flexibility|
Open Jedox Web and navigate to the Administration tab. Select Groups (1, below), then click Add group (2).
Unlike simple LDAP, it is necessary to create groups in a specific way. First, enter a group name that matches the domain name and the group name of the Active Directory (1, below). Matching the AD group name is mandatory and must be prefixed with the domain name, separated with a backslash
Activate this group with the Active check box (2, below).
Assign a role for this group by moving an available role (1, below) into the Assigned roles box (2). Click Save (3).
The group now appears in the Group name list.
After a successful logon, you should be able to see the new user with the same domain prefix assigned to the AD group, as indicated below.
- Users will be logged in automatically.
- Users will be created automatically.
- Groups will be assigned automatically.
- If there are several groups that match the AD, the user will be assigned to all matching groups.
Next SSO configuration step: SSO Configuration of a Browser as Jedox Web Client and/or SSO Configuration for Excel Add-in