Single-Sign-On (SSO)

Description

Single-Sign-On login is a password-less way to authenticate to AT Internet.
The user only has to be logged in to his internal platform to login to the Analytics Suite.

Main principles

APPLY YOUR PASSWORD POLICY

The only required password is the one on your internal platform, which can be restricted accordingly to your IT teams requirements.

CONTROL USER'S ACCESS 

Since authentication is based on your internal platform access, you can cut the access to our solutions and many others, by deleting the user from your Active Directory.

RELY ON SECURED PROTOCOLS

The SSO option is based on SAML 2.0 and OpenID processes making it compatible with most SSO user management systems.

SSO OPTION IS PER ORGANISATION

Any user listed in your organisation can be switched to SSO.

STANDARD AND SSO USERS CAN COEXIST

On an SSO organisation, you can have SSO users and standard users as well to allow users not listed in your Active Directory to login to your organisation.

SSO USERS CANNOT BE MULTI-ORGANISATION

An SSO user can only be listed in one organisation because it would otherwise imply that your internal accesses allow authentication to another organisation.

FREE ACTIVATION AND USE

The SSO option, does not imply any additional fees, just a setup that is entirely free.

Activation

To activate the SSO option, please reach out to support teams with these information:

COMPANY LABEL 

Text you want to specify to login through your AD from our login page used in our configurations:

• ATI Authentication URL: https://sso.atinternet-solutions.com/CompanyLabelName/login
• ATI Validation URL: https://sso.atinternet-solutions.com/CompanyLabelName/assert 

LOGOUT BEHAVIOUR

Should the user be redirected to our login page or another page when he logs out? If so which one?

AUTO PROVISIONNING

Should the user added to your Active Directory be automatically imported to our user listing (it will not give them any right outside than all users groups)

SAML 2.0 OR OPENID CONFIGURATION

Please specify the desired configuration and its respective setup as listed below.

SAML 2.0 CONFIGURATION

Please provide your metadata file based on the "nameid-format:emailAddress", including your login URL and your X.509 certificate

OPENID CONFIGURATION

Please provide your ServiceProvider map including client id and client secret, and also your IdentityProvider map including authorization endpoint, issuer, jwks, uri, token endpoint (potentially identity token and user endpoint as well).

USER SWITCH

Do you want to switch all users from standard to SSO users, or only some users? If so, could you please specify the concerned users? Please also specify a user on which you could test the SSO setup before applying it to all users.

User creation

User form

With the SSO option enabled, user creation form gets a dedicated tickbox, ticked by default to set the user as a SSO user.

Auto Provisioning mode

According to your SSO configuration as detailed in the Description section, you may only rely on your Active Directory to add users automatically.
Any user added to your Active Directory will be added to the Analytics Suite user listing.
Though, it will not give them access rights (unless your organisation has a group applied to all users).

User identification

User page

If a user is listed as SSO on your organisation, the SSO section of the user's page in Access Rights will be displayed.

Users export

If you want to see the SSO users among your users list, please click on the Download button above the users table, and check the export file.

Authentication

Login page

From the login page click on the top right link named Single Sign On, and fill in your CompanyLabel before submitting your login request.

API Keys

Since SSO users do not have a password they need to rely on API Keys to authenticate to external API calls.
Find out more on API Keys.