To enable effective and centralised user management, Evalanche can connect to your own Identity Provider (IdP) via Single Sign-On (SSO). Users authenticate with their existing IdP credentials instead of maintaining separate logins specific to our platform, which simplifies user management and strengthens your organisation's access control.
Technical explanation
The SSO functionality of Evalanche currently supports the OpenID Connect (OIDC) protocol. The following identity providers are supported:
- Microsoft Entra ID
- Microsoft Azure AD (the former name of Entra ID)
- Keycloak
An extension for SAML is planned.
The SSO login is initiated via a dedicated URL on your interface domain:
https://[Interface-Domain]/auth/oidc
The most important aspects for implementing the SSO connection:
- Supported protocols: OIDC is currently supported.
- Dual login: Users with an IdP configuration retain the option of logging in locally. This allows more flexible user management, for example for users who are not recorded in the IdP, and for Evalanche's optional 2-factor authentication, which cannot be mapped via SSO. Note that as long as local login remains enabled, the local password is a second authentication path that the IdP's policies (such as MFA or conditional access) do not cover; the "SSO-only" option in the security policies removes it.
- Rights and security management: User rights and security policies continue to be managed within Evalanche, independently of the IdP settings. The IdP authenticates the user; what the user may do in Evalanche is determined by Evalanche's own rights and security policies.
- Logging: All security-related actions are logged to ensure traceable documentation and monitoring. These logs are available on request.
First steps
Specific settings and preparations are required for SSO integration:
- IdP setup per context: An IdP can only be set up at the global level (group level).
- Link to interface domain: Each IdP must be assigned to an Evalanche interface domain, which initiates the SSO process.
- User assignment: The external IdP user ID must be stored for each user in the Evalanche user settings so that the user can be uniquely identified. Use the IdP's stable user identifier for this rather than an attribute that can change or be reassigned, such as an e-mail address.
Setting up the SSO configuration in Evalanche
- If no interface domain exists yet, have us set up an interface domain to which the SSO implementation will be linked.
- Set SSO authentication to ‘Active’ (1) under ‘Settings/Partner apps/External authentication’.
- Select and save the desired IdP type (2) (OIDC, for Keycloak or Microsoft Entra ID / Azure AD) together with the required parameters: base URL, realm/tenant/directory ID, application ID and application secret. These values can be found in the configuration of your IdP. Treat the application secret like a password: generate it in the IdP, enter it once and do not store it elsewhere. Entra ID client secrets expire, so record the expiry date and rotate the secret before then, otherwise SSO logins will start failing.
- In the user settings, enter the External ID for each user who should authenticate via the IdP.
- Add the setting "Authentication"->"SSO"->"Enable SSO" (or "SSO-only") to the security policies in use.
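The base URL, realm/tenant ID, application ID and application secret are easy to mistype, and a wrong realm or tenant ID only shows up as a failed login later. The following script is an added example, not part of Evalanche, Keycloak or Microsoft Entra ID: it builds the OIDC discovery URL for each IdP type from the parameters above and checks the discovery document (issuer, HTTPS endpoints, authorization code flow) before you enter the values. Host names, the realm and the tenant ID are placeholders, and the two discovery documents are constructed samples shaped like the real responses of Keycloak and Entra ID; `fetch_discovery` shows the live lookup but is not used by the offline demo.

```python
"""Sanity-check the OIDC parameters before entering them in Evalanche.

Added example; not part of Evalanche, Keycloak or Microsoft Entra ID.
Host names, realm and tenant ID are placeholders, and the two discovery
documents are constructed samples shaped like the real responses.
"""
import json
import urllib.request
from urllib.parse import urlparse

# Placeholder values standing in for the parameters the setup asks for.
KEYCLOAK_BASE_URL = "https://idp.example.com"
KEYCLOAK_REALM = "evalanche"
ENTRA_TENANT_ID = "00000000-0000-0000-0000-000000000000"


def keycloak_discovery_url(base_url: str, realm: str) -> str:
    """Keycloak publishes its OIDC metadata per realm under this well-known path."""
    return f"{base_url.rstrip('/')}/realms/{realm}/.well-known/openid-configuration"


def keycloak_issuer(base_url: str, realm: str) -> str:
    return f"{base_url.rstrip('/')}/realms/{realm}"


def entra_discovery_url(tenant_id: str) -> str:
    """Entra ID (Azure AD) publishes v2.0 metadata per tenant (directory) ID."""
    return f"https://login.microsoftonline.com/{tenant_id}/v2.0/.well-known/openid-configuration"


def entra_issuer(tenant_id: str) -> str:
    return f"https://login.microsoftonline.com/{tenant_id}/v2.0"


def fetch_discovery(url: str) -> dict:
    """Live lookup of a discovery document; not used by the offline demo below."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return json.load(resp)


def check_discovery(doc: dict, expected_issuer: str) -> list:
    """Return a list of problems; an empty list means the metadata looks usable.

    A wrong issuer usually means a mistyped realm or tenant ID; a non-HTTPS
    endpoint would expose the application secret in transit; the
    authorization code flow ("code") is assumed to be what a server-side
    client such as Evalanche uses (an assumption, the page does not state it).
    """
    problems = []
    issuer = doc.get("issuer")
    if issuer != expected_issuer:
        problems.append(f"issuer mismatch: got {issuer!r}, expected {expected_issuer!r}")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        url = doc.get(key)
        if not url:
            problems.append(f"missing {key}")
        elif urlparse(url).scheme != "https":
            problems.append(f"{key} is not https: {url}")
    if "code" not in doc.get("response_types_supported", []):
        problems.append("authorization code flow ('code') not offered")
    return problems


# Constructed sample discovery documents (shape of the real Keycloak / Entra responses).
SAMPLE_KEYCLOAK = {
    "issuer": "https://idp.example.com/realms/evalanche",
    "authorization_endpoint": "https://idp.example.com/realms/evalanche/protocol/openid-connect/auth",
    "token_endpoint": "https://idp.example.com/realms/evalanche/protocol/openid-connect/token",
    "jwks_uri": "https://idp.example.com/realms/evalanche/protocol/openid-connect/certs",
    "response_types_supported": ["code", "none", "id_token", "token", "code id_token"],
}
SAMPLE_ENTRA = {
    "issuer": f"https://login.microsoftonline.com/{ENTRA_TENANT_ID}/v2.0",
    "authorization_endpoint": f"https://login.microsoftonline.com/{ENTRA_TENANT_ID}/oauth2/v2.0/authorize",
    "token_endpoint": f"https://login.microsoftonline.com/{ENTRA_TENANT_ID}/oauth2/v2.0/token",
    "jwks_uri": f"https://login.microsoftonline.com/{ENTRA_TENANT_ID}/discovery/v2.0/keys",
    "response_types_supported": ["code", "id_token", "code id_token", "id_token token"],
}

if __name__ == "__main__":
    for name, doc, issuer in (
        ("Keycloak", SAMPLE_KEYCLOAK, keycloak_issuer(KEYCLOAK_BASE_URL, KEYCLOAK_REALM)),
        ("Entra ID", SAMPLE_ENTRA, entra_issuer(ENTRA_TENANT_ID)),
    ):
        print(name, check_discovery(doc, issuer) or "OK")
    # A mistyped realm shows up immediately as an issuer mismatch.
    print(check_discovery(SAMPLE_KEYCLOAK, keycloak_issuer(KEYCLOAK_BASE_URL, "evalanch")))
```

Run it against a live IdP by replacing the sample dict with `fetch_discovery(keycloak_discovery_url(...))` or `fetch_discovery(entra_discovery_url(...))`; the issuer check is the one that catches a wrong realm or tenant ID, which otherwise only surfaces as a rejected token during login.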
Important
If you want to connect additional applications via SSO in your environment and display them in the Evalanche App Switch and/or the app area: with Microsoft Entra ID authentication this is currently possible only in the App Switch, not in the app area. The app area embeds applications in an iframe, and Microsoft does not allow its sign-in page to be loaded inside an iframe (the sign-in pages are served with headers that forbid framing).
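Whether an application's login page can be embedded at all is decided by two response headers, X-Frame-Options and the Content-Security-Policy frame-ancestors directive. The following script is an added example and not Evalanche's code: given the headers of a login page, it tells you whether the page may be framed from a given origin, so you can decide in advance whether an application belongs in the app area or only in the App Switch. The header sets are constructed samples; the first mirrors a sign-in page that refuses framing, as the Entra ID sign-in page does, the second an application that allows its own subdomains. CSP source matching is simplified (keywords, `*`, exact hosts and `*.` wildcards; ports are ignored).

```python
"""Check whether a login page may be loaded inside an iframe.

Added example; not Evalanche's code. The header sets are constructed:
ENTRA_LIKE_HEADERS mirrors a sign-in page that refuses framing,
SUBDOMAIN_APP_HEADERS an application that allows its own subdomains.
"""
from urllib.parse import urlparse


def _origin(url: str) -> str:
    p = urlparse(url)
    return f"{p.scheme}://{p.netloc}".lower()


def _source_matches(source: str, embedding_origin: str, page_origin: str) -> bool:
    """Simplified CSP source matching: 'none', 'self', '*', hosts and *.wildcards.

    Ports and scheme-upgrade rules are ignored; keyword or scheme-only sources
    other than 'self' and 'none' are treated as non-matching.
    """
    s = source.strip().lower()
    if s == "'none'":
        return False
    if s == "*":
        return True
    if s == "'self'":
        return embedding_origin == page_origin
    if s.startswith("'") or (":" in s and "://" not in s):
        return False
    emb = urlparse(embedding_origin)
    scheme, _, host = s.partition("://") if "://" in s else ("", "", s)
    if scheme and scheme != emb.scheme:
        return False
    host = host.split("/")[0].split(":")[0]
    if host.startswith("*."):
        return (emb.hostname or "").endswith(host[1:])
    return emb.hostname == host


def frame_embedding_allowed(headers: dict, page_url: str, embedding_origin: str):
    """Return (allowed, reason) for loading page_url in a frame at embedding_origin.

    Browsers apply CSP frame-ancestors when it is present and then ignore
    X-Frame-Options; X-Frame-Options only counts when no frame-ancestors
    directive exists. Header names are matched case-insensitively.
    """
    h = {k.lower(): v for k, v in headers.items()}
    page_origin = _origin(page_url)
    emb = _origin(embedding_origin)
    for directive in h.get("content-security-policy", "").split(";"):
        name, _, value = directive.strip().partition(" ")
        if name.lower() == "frame-ancestors":
            allowed = any(_source_matches(src, emb, page_origin) for src in value.split())
            return allowed, f"frame-ancestors {value.strip()}"
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False, "X-Frame-Options: DENY"
    if xfo == "SAMEORIGIN":
        return emb == page_origin, "X-Frame-Options: SAMEORIGIN"
    return True, "no framing restriction header"


# Constructed sample header sets.
ENTRA_LIKE_HEADERS = {"X-Frame-Options": "DENY", "Content-Type": "text/html"}
SUBDOMAIN_APP_HEADERS = {
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'self' https://*.example.com"
}

if __name__ == "__main__":
    print(frame_embedding_allowed(
        ENTRA_LIKE_HEADERS,
        "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
        "https://app.example.com"))
    print(frame_embedding_allowed(
        SUBDOMAIN_APP_HEADERS, "https://tool.example.net/login", "https://app.example.com"))
```

To apply this to a real application, fetch its login page (for example with `curl -sI`) and feed the response headers to `frame_embedding_allowed` with your Evalanche interface domain as the embedding origin; a `False` result means the application can only be offered via the App Switch.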
A special account authorisation is required before SSO can be configured. If you would like to use SSO, please get in touch with your sales contact.
If you need help with the setup or have technical questions, please contact our support team at support@sc-networks.com. Our team will be happy to assist you at any time.