
Please note: This help page is not for the latest version of Enterprise Architect. The latest help can be found here.


Single Sign-On (SSO) Options

These options are available from Enterprise Architect Release 14.1.

After enabling SSO there are two main options that can be set:

  • Restrict access to Windows and OpenID users only
  • Automatically create or modify Windows or OpenID users

These options are detailed here.

Access

Ribbon: Settings > Security > Users

Configuring Single Sign-On (SSO) in Sparx Systems Enterprise Architect.

SSO Options

Restrict access to Windows and OpenID users only

Enabling this option will stop local model users from being able to log in to the model. Only users validated through either Windows or OpenID SSO will be able to log in.

An exception is made for local users who have the 'Security - Manage Users' permission set. This allows a local administrator to still have access and be able to update or modify the SSO settings.

Automatically create or modify Windows or OpenID users

Enabling this option will allow the model to create new users derived from the trusted SSO source. Users will be assigned local group permissions based on the groups linked to the SSO provider (see the Maintain Groups help topic). Existing users will be assigned to or revoked from linked groups based on their SSO groups.

It is recommended to ensure that a local administrator account is available before enabling this option.

Notes:

  • A new user who is not in any SSO group that is linked to a model group will not be automatically created.
  • An existing user who is not in any SSO group that is linked to a model group will not be logged in.
  • An existing user's individual permissions will not be modified automatically, only their group permissions.
  • An existing user will not be removed from a group that is not linked to an SSO group.

Note

It is recommended that you always keep a local model administrator account (with a strong password) to allow recovery in case the SSO authentication fails (for example, if the OpenID server is offline or misconfigured).
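The rules for both options can be modelled before enabling them, to check which local accounts remain usable for recovery and what an SSO login would do to a user's groups. This is an added example, not Sparx Systems code: the function names, group names and user names are hypothetical, one link per model group is an assumption, and because the page does not describe group changes on a refused login, the model leaves groups unchanged in that case.

```python
# Added illustration: a model of the documented SSO rules, not Sparx Systems code.
MANAGE_USERS = "Security - Manage Users"  # permission name as given on this page


def local_login_allowed(restrict_to_sso, permissions):
    """Local (non-SSO) login under 'Restrict access to Windows and OpenID users only'."""
    return (not restrict_to_sso) or MANAGE_USERS in permissions


def recovery_accounts(local_users):
    """Local users who can still log in and fix SSO settings once access is restricted."""
    return sorted(name for name, perms in local_users.items()
                  if local_login_allowed(True, perms))


def sso_login(links, sso_groups, existing_groups=None):
    """Outcome of an SSO login with automatic create/modify enabled.

    links: model group -> linked SSO group (one link per group is an assumption).
    existing_groups: the user's current model groups, or None for a new user.
    Returns (action, model_groups); individual permissions are never touched.
    """
    entitled = {mg for mg, sg in links.items() if sg in sso_groups}
    if not entitled:
        # No linked SSO group: a new user is not created, an existing one is not
        # logged in. Group changes here are not described on the page, so the
        # model returns the groups unchanged (assumption).
        return ("denied", set(existing_groups or ()))
    if existing_groups is None:
        return ("created", entitled)
    # Linked groups follow the SSO source; unlinked groups are left as they are.
    unlinked = set(existing_groups) - set(links)
    return ("updated", unlinked | entitled)


# Constructed sample data (all names below are hypothetical).
LINKS = {"Architects": "IDP-EA-Architects", "Reviewers": "IDP-EA-Reviewers"}
LOCAL_USERS = {"admin": {MANAGE_USERS}, "alice": {"Some Other Permission"}}

if __name__ == "__main__":
    print(recovery_accounts(LOCAL_USERS))
    print(sso_login(LINKS, {"IDP-EA-Reviewers"}, {"Architects", "LocalOnly"}))
    print(sso_login(LINKS, {"IDP-Other"}))
```

An empty result from `recovery_accounts` means no local account could log in to repair the SSO settings after access is restricted.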