Book a Demo
Prev Next

Single Sign-On (SSO) with WebEA

As with Enterprise Architect, WebEA can make use of these Single Sign-On systems:

  • Windows authentication with Active Directory
  • OpenID

The ability to use Single Sign-On for WebEA is based on the configuration of the Enterprise Architect model itself.




See also


Using Enterprise Architect, configure the model to use Single Sign-On.

Single Sign-On (SSO)


Using Enterprise Architect, confirm that the model can be accessed via Single Sign-On.


If you intend to use OpenID, ensure that your OpenID server configuration includes the WebEA login_sso.php page as a valid redirect/callback URI.

For example:


Or (if the OpenID provider supports wildcards):



If you intend to use Windows Authentication and WebEA is deployed using IIS then configure IIS as described in the 'Configuring IIS for WebEA Windows Authentication' topic.

Configuring IIS for WebEA Windows Authentication


If you have not already done so, configure WebEA to access the model.

No WebEA configuration options are required specifically for Single Sign-On (WebEA will detect that Single Sign-On is enabled in the model).

How to configure WebEA models


Login to the model via WebEA.

The WebEA login screen will provide Login with OpenID and/or Login with Windows ID buttons, allowing you to log in via Single Sign-On.


Web Browser Considerations

Single Sign-On support can vary depending on the Web Browser being used to access WebEA.

WebEA's Windows Authentication makes use of the NTML authentication protocol. Web Browsers typically require some configuration to make use of NTLM authentication. For example, see:

As with Enterprise Architect, for OpenID support an OpenID server must be configured and accessible by your Web Browser.

The OpenID server must support the 'OpenID Connect' standard and should be able to return a unique user identifier in the 'user_info' request. This user identifier will be matched to a local model user.