Description
Single-Sign-On login is a password-less way to authenticate to AT Internet.
The user only has to be logged in to his corporate portal to login to the Analytics Suite.
Main principles
APPLY YOUR PASSWORD POLICY
The only required password is the one on your corporate portal, which can be set to match your IT teams requirements.
Note
Turning a standard user into a SSO user will delete his AT Internet password.CONTROL USER'S ACCESS
Since authentication is based on your corporate portal access, you can cut the access to our solutions and many others, by deleting the user from your Active Directory.
Note
Deleting a user from the Active Directory, does not delete it from our solutions, the user will not be able to login but his API Keys will work.If needed you can still rely on our API to check the use of API Keys.
RELY ON SECURED PROTOCOLS
The SSO feature is based on SAML 2.0 and OpenID Connect processes making it compatible with most Identity Providers (IdP).
SSO FEATURE IS PER ORGANISATION
Any user listed in your organisation can be switched to SSO.
STANDARD AND SSO USERS CAN COEXIST
On an SSO organisation, you can have SSO users and standard users as well to allow users not listed in your Active Directory to login to your organisation.
SSO USERS CANNOT BE MULTI-ORGANISATION
An SSO user can only be listed in one organisation.
FREE ACTIVATION AND USE
The SSO feature, does not imply any additional fees.
Important
- iOS Explorer app does not yet provide SSO login
- Some partnership integration may require some adaptations, please check if your integration is SSO compatible
- Users on SSO accounts will no longer be able to trigger API calls based on their former passwords, they will have to update them with API Keys making sure the domain is api.atinternet.io.
Activation
To activate the SSO feature, please reach out to support teams with these information:
ORGANISATION
Please provide us the name of your organisation to be used in:
- The "Company Label" text field to authenticate with SSO from our dedicated login page.
- The Identity Provider configuration(IdP):
SAML 2.0 | OpenID Connect |
ATI Authorization URL: |
ATI Authorization URL: |
CONFIGURATION
SAML 2.0 | OpenID Connect |
Please provide us:
We will then, provide you with a XML metadata file to add to your Identity Provider. |
Please provide us: |
LOGOUT BEHAVIOUR
Should the user be redirected to our login page or another page when he logs out? If so which one?
AUTO PROVISIONING
Should the user added to your Active Directory be automatically imported to our user listing (it will not give them any right outside than all users groups)
USER SWITCH
Do you want to switch all users from standard to SSO users, or only some users? If so, could you please specify the concerned users? Please also specify a user on which you could test the SSO setup before applying it to all users.
Process
Once you provided these information to our support team, our tech team will be able to turn on SSO.Then with the test user requested ealier, our tech team will be able to switch him to a SSO account.
After your behaviour validation, we will switch the specified list of users to SSO accounts.
User creation
User form
With the SSO feature enabled, user creation form gets a dedicated tickbox, ticked by default to set the user as a SSO user.
User identification
User page
If a user is listed as SSO on your organisation, the SSO section of the user's page in Access Rights will be displayed.
Users export
If you want to see the SSO users among your users list, please click on the Download button above the users table, and check the export file.
Authentication
Note
Login can be set from your corporate portal or directly from our login page.
Login page
From the login page click on the top right link named Single Sign On, and fill in your CompanyLabel before submitting your login request.
Note
The CompanyLabel is set in your organisation configuration, then share it to your users and they’re good to go (depending on their rights).
API Keys
Since SSO users do not have a password they need to rely on API Keys to authenticate to external API calls.
Find out more on API Keys.