With geopolitical tensions and ransomware attacks on the rise, good security is mandatory for any production facility. This is why we have made our Single Sign-On feature part of all AlisQI license plans. This means SSO is available free of charge for all customers. In this article we talk about the advantages of SSO, provide an overview of SSO integration and the steps required to enable this feature in AlisQI.
Single Sign-On (SSO) is a feature that lets applications delegate user authentication to an external trusted system. This process is also known as ‘federation’. More specifically, this allows our customers to manage user accounts in a central user directory (e.g. Microsoft Active Directory) instead of requiring users to create new, independent accounts in AlisQI.
Single Sign-On has multiple advantages:
Integration – To integrate AlisQI with the central user directory, AlisQI supports SAML 2.0, a standardized protocol. In SAML, the user directory, whose role is that of Identity Provider (IdP), is responsible for managing user accounts. AlisQI assumes the role of Service Provider (SP). To establish trust between the IdP and the SP, SAML 2.0 metadata needs to be exchanged and configured on both ends. The customers that currently use SSO in AlisQI were able to set up AlisQI as an SP in Microsoft ADFS within minutes in this way.
User flow – When a user wishes to use AlisQI (the SP), they get redirected to the user directory (IdP). If the user is already logged in, they will be immediately forwarded back to AlisQI and will not even notice anything. The log in will have been seamless and taken only one click. If the user was not yet logged in to the IdP, they will be greeted with the familiar login page of the user directory. After they enter their credentials, they will be redirected to AlisQI, where they will be logged in.
User management in AlisQI – User accounts have to be created within AlisQI by an administrator before they can be used. The IdP will provide the user’s email address, which will be used by AlisQI to find the proper account. Therefore, it’s essential that the addresses stored in AlisQI are identical to those in the IdP. If a user is redirected from the IdP with an address that is not known in AlisQI, they will be shown a screen that tells them no account could be found and a list of users with administrator privileges who can set up an AlisQI account for them. Accounts cannot be automatically created because AlisQI doesn’t know which user group to use for new accounts. The AlisQI import functionality can be used to mass upload account details from Excel.
Keeping your production data safe is a key concern for many manufacturers. To help our customer protect themselves, and in the spirit of the holiday season, we have made the Single Sign On (SSO) feature a part of all AlisQI license plans. This means SSO is available free of charge for all customers. We recommend customers review their security configuration and consider enabling SSO on their accounts.
There are a couple of steps that need to be taken to enable SSO. Fortunately, many of these can be done in parallel.
Read more about SSO in this Help Center article. To activate SSO or for any questions you may have about this, please contact support@alisqi.com.