Book a Demo
Prev Next

Single Sign-On (SSO)

Single Sign-On (SSO) enables a model to trust a third-party authentication system to log in to a model. Instead of logging in to Enterprise Architect, the user logs into a third-party system that authenticates the user as valid and allows them access to Enterprise Architect. Enterprise Architect trusts the authentication returned from the SSO system and logs the user in to the model.

Enterprise Architect supports two SSO systems:

  • Windows authentication with Active Directory
  • OpenID - This feature is available from Enterprise Architect Release 14.1

SSO systems

Windows Authentication

Windows Authentication allows a model to trust the currently logged in Windows user. If the username returned from the Windows system matches a model user, then the model is logged in as that user.

Windows Authentication works best when run with an Active Directory Domain.

You can enable Windows Authentication by selecting the 'Accept Windows Authentication' checkbox on the 'Security Users' dialog.


OpenID is the current preferred standard for SSO authentication for web sites. It also works well for applications such as Enterprise Architect. To use OpenID, an OpenID server must be configured and accessible by Enterprise Architect.

There are many options for OpenID servers, including self-hosted servers and online services. Enterprise Architect requires an OpenID server that supports the 'OpenID Connect' standard and is able to return a unique user identifier in the 'user_info' request. This user identifier will be matched to a local model user.

As of version 16.0 the unique identifier can be returned in either the 'user_info' request, or in the 'id_token' that is returned when a user logs in.

Learn more