dale Posted November 6, 2018

Single Sign-On allows users to sign on to applications without providing their passwords to the application (or having to manage an application-specific password). Instead the user signs on to an SSO provider using SAML2 or OAuth. The browser then uses the token provided by the authentication provider to log on to the application. This has numerous advantages, including support of two-factor authentication etc.

There are public SSO providers such as Google and Facebook. Also many organizations use internal instances.

As SAML2 user authentication is likely to become mandatory for any deployed applications on our network, I was wondering whether Intella Connect could / will include SAML2 in an upcoming release.

Many thanks!
Dominique

ŁukaszBachman Posted November 8, 2018

Hi Dale,

I'll need to think where to fit this into our roadmap. Have you done any research about this topic already? I know that OAuth is a well defined standard, but does being "OAuth compliant" mean that Connect could be configured with a few params to work with either FB, Google or any other proprietary implementation? So I guess it should be similar to LDAP integration in this regard.

dale Posted November 8, 2018 (Author)

Lukasz - Thanks for responding. We are using SAML2. OAuth might not actually be a fit here (see also https://www.ubisecure.com/uncategorized/difference-between-saml-and-oauth/).

Looking at this here: https://en.wikipedia.org/wiki/SAML_2.0#Web_Browser_SSO_Profile

What Intella would have to implement is the 'Service Provider' side.

Example scenario:

Reference: https://www.oasis-open.org/committees/download.php/35711/sstc-saml-core-errata-2.0-wd-06-diff.pdf

Happy to chat off-line on the more practical aspects.

Dominique

dale Posted November 9, 2018 (Author)

Just to follow up on the point of FB, Google etc. Yes, using a standard such as SAML2 or OpenID Connect (which is based on OAuth2) will enable the use of Google or FB as identity providers to authenticate users that access Intella. When it comes to OAuth2, you may want to look at OpenID Connect instead. See https://developers.google.com/identity/protocols/OpenIDConnect

Andrej Posted March 24, 2020

Hi dale, could you please take a look at topic: and let us know what you think?