SSO Authorization Mode

Windows SSO authorization is the classic version of SSO. It uses the standard mechanism of authorizing a user logon over the usergroup assignment. To activate, add windows-sso in the palo.ini.

Groups are used to authenticate the user, in addition to username and password. The groups will be mapped and matched against the Active Directory (AD) groups.

Pros: higher security, less maintenance Cons: less flexibility
  • Only user groups need to be created and assigned to their specific roles.
  • User assignment to groups can be controlled over the AD.
  • Users are created automatically and need not be created manually inside of Jedox (no double maintenance).
  • The assignment of the AD is fixed.
    From a security perspective, this is also a pro: groups can’t be added or changed in Jedox.


Open Jedox Web and navigate to the Administration tab. Select Groups (1, below), then click Add group (2).

Unlike simple LDAP, it is necessary to create groups in a specific way. First, enter a group name that matches the domain name and the group name of the Active Directory (1, below). Matching the AD group name is mandatory and must be prefixed with the domain name, separated with a backslash \.

Example: AD_DOMAIN\AD_groupname

Activate this group with the Active check box (2, below).

Assign a role for this group by moving an available role (1, below) into the Assigned roles box (2). Click Save (3).

The group now appears in the Group name list.

After a successful logon, you should be able to see the new user with the same domain prefix assigned to the AD group, as indicated below.


  • Users will be logged in automatically.
  • Users will be created automatically.
  • Groups will be assigned automatically.
  • If there are several groups that match the AD, the user will be assigned to all matching groups.


Next SSO configuration step: SSO Configuration of a Browser as Jedox Web Client and/or SSO Configuration for Excel Add-in