Single Sign-On (SSO) Options
These options are available from Enterprise Architect Release 14.1.
After enabling SSO, there are two main options that can be set:
- Restrict access to Windows and OpenID users only
- Automatically create or modify Windows or OpenID users
These options are detailed here.
Configure > Security > Users
Restrict access to Windows and OpenID users only
Enabling this option will stop local model users from being able to log in to the model. Only users validated through either Windows or OpenID SSO will be able to log in.
An exception is made for local users who have the 'Security - Manage Users' permission set. This allows a local administrator to retain access and to update or modify the SSO settings.
Automatically create or modify Windows or OpenID users
Enabling this option will allow the model to create new users derived from the trusted SSO source. Users will be assigned local group permissions based on the groups linked to the SSO provider. Existing users will be assigned to or revoked from linked groups based on their SSO groups.
- A new user who is not in any SSO group that is linked to a model group will not be automatically created
- An existing user who is not in any SSO group that is linked to a model group will not be logged in
- An existing user's individual permissions will not be modified automatically
- An existing user will not be removed from a group that is not linked to an SSO group
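The rules above can be modelled as a small reconciliation function, which helps predict who will be created, updated or refused before the option is enabled. This is an added illustration, not Sparx Systems code; the LocalUser type, the function name and the sample group and permission names are assumptions, and it assumes a refused login leaves the existing user record unchanged.

```python
from dataclasses import dataclass, field

@dataclass
class LocalUser:
    name: str
    groups: set = field(default_factory=set)       # local model groups
    permissions: set = field(default_factory=set)  # individually assigned

def sync_on_sso_login(name, existing, sso_groups, links):
    """Model one SSO login with automatic create/modify enabled.

    existing   -- the model's LocalUser for this name, or None
    sso_groups -- groups the SSO provider reports for the user
    links      -- dict: SSO group -> local model group linked to it
    Returns (allowed, user_record_after_login).
    """
    granted = {links[g] for g in sso_groups if g in links}
    if not granted:
        # No SSO group is linked to a model group: a new user is not
        # created and an existing user is not logged in.
        # Assumption: the existing record is left as it was.
        return False, existing
    if existing is None:
        return True, LocalUser(name, groups=granted)
    linked_local = set(links.values())
    # Groups with no SSO link are never touched; linked groups are
    # replaced by what the SSO groups grant (assign and revoke).
    kept = existing.groups - linked_local
    # Individual permissions are copied through unmodified.
    return True, LocalUser(name, kept | granted, set(existing.permissions))

# Constructed sample data (hypothetical group and permission names).
LINKS = {"EA-Architects": "Architects", "EA-Reviewers": "Reviewers"}

if __name__ == "__main__":
    alice = LocalUser("alice", {"Reviewers", "LocalAudit"}, {"sample-permission"})
    for who, rec, sso in [
        ("bob", None, {"EA-Architects", "Staff"}),   # new, linked group
        ("carol", None, {"Staff"}),                  # new, no linked group
        ("alice", alice, {"EA-Architects"}),         # existing, group change
        ("alice", alice, {"Staff"}),                 # existing, no linked group
    ]:
        ok, after = sync_on_sso_login(who, rec, sso, LINKS)
        print(who, sorted(sso), "->", ok, after)
```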
It is recommended that you always keep a local model administrator account (with a strong password) to allow recovery if SSO authentication fails (for example, if the OpenID server is offline or misconfigured).