Authentication

Users are identified by their email address. SD Elements supports four methods of authentication:

  1. Username and password

  2. Lightweight Directory Access Protocol (LDAP)

  3. Security Assertion Markup Language (SAML) version 2.0

  4. Trusted Authentication

Only one of LDAP, SAML, or Trusted Authentication can be enabled at a time. Username and password authentication is always enabled.

User account creation

User accounts are created in one of four ways:

  1. An administrator creates an individual account with the web interface.

  2. An administrator bulk imports a list of users.

  3. An administrator configures the LDAP Sync feature to provision accounts.

  4. The Single Sign-On (SSO) feature is configured to autoprovision accounts.

Welcome and password reset emails:

A welcome email is sent to users when an account is created. Users must follow the link in the email within 72 hours, after which it expires. By following the link, a user can set their password and their security questions and answers. If the link expires, an administrator can send a new one.

No email is sent to users who are automatically provisioned using SSO.

Username and password

SD Elements has native support to authenticate users with an email address and password.

Login:

Users open the application login page and authenticate using their user-generated password.

Account Provisioning:

Users are created according to the options in the section User account creation.

Lightweight Directory Access Protocol (LDAP)

LDAP is a method that allows users to log in with their LDAP/Active Directory username and password.

Login:

Users open the application login page and authenticate using their standard LDAP username and password.

Account Provisioning:

By default, the application creates a user the first time they log in. If access should be restricted, this option can be turned off. Please see the System Administration guide for more information.

Security Assertion Markup Language (SAML)

SAML is a Single Sign-On (SSO) method where authentication is handled by a different system (Identity Provider, IdP). A user’s identity is securely shared with SD Elements, which allows users to automatically log in. SD Elements supports SAML v2.0.

Login:

The user login flow is as follows:

  • If a user is already authenticated by the IdP, SD Elements creates a new session for the user and logs them in. The user is not redirected to a different page.

  • If a user is not authenticated by the IdP, SD Elements can redirect the user to a different location, such as the IdP, so that the user can log in.

  • Users provisioned with a password can log in using the standard login form.

Account Provisioning:

By default, the application creates users the first time they log in. If access should be restricted, this option can be turned off. Please see the System Administration guide for more information.

Trusted Authentication

Trusted Authentication is a Single Sign-On (SSO) method where authentication is handled by a different system. A user’s identity is securely passed to SD Elements, which allows users to automatically log in.

Login:

A user accesses SD Elements through a corporate portal. The login flow is as follows:

  • If a user is already authenticated by the other system, SD Elements creates a new session for the user and logs them in. The user is not redirected to a different page.

  • If a user is not authenticated by the other system, SD Elements can redirect the user to a different location, such as the corporate portal, so that the user can log in.

  • Users provisioned with a password can log in using the standard login form.

Account Provisioning:

By default, the application creates users the first time they access it. If access should be restricted, this option can be turned off. Please see the System Administration guide for more information.
