| XLCubed is now FluenceXL. The new wiki can be found here: https://help.fluencexl.com/ |
Difference between revisions of "Single sign-on"
(→Provider setup) |
(→Attributes) |
||
| Line 40: | Line 40: | ||
==Attributes== | ==Attributes== | ||
| + | |||
| + | The NameID attribute will be used as the key for users to store user-specific information such as "My Reports", recent reports, bookmarks, workbook aspects etc. Any format should be fine. | ||
| + | |||
| + | The following optional attributes can also be included: | ||
| + | |||
| + | {| class="wikitable" | ||
| + | |- | ||
| + | ! Attribute !! Description !! Example | ||
| + | |- | ||
| + | | DisplayName || The text to display when the user is listed || Joe Bloggs | ||
| + | |- | ||
| + | | Email || The email address of the user, would be used when emailing alerts, for example || joe.bloggs@xlcubed.com | ||
| + | |- | ||
| + | | EffectiveUser || User-id for connections that support this option. See "Datasources" section for more information || cubeuser | ||
| + | |- | ||
| + | | EffectiveRole || Comma-delimited list of Cube Roles to use for this user. See "Datasources" section for more information || Accounts, Management | ||
| + | |- | ||
| + | | MemberOf || Comma-delimited list of SIDs or active-directory group paths the user belongs to, this is used to determine which XLCubed Roles the user belongs to || S-1-5-21-1085031214 | ||
| + | |- | ||
| + | | Roles || Comma-delimited list of XLCubedWeb Roles the user belongs to, this controls which folders and reports they can see and what level of access they have || Authenticated User, Upper Management | ||
| + | |} | ||
==Provider metadata== | ==Provider metadata== | ||
Revision as of 16:34, 6 February 2019
From Version 9.2.29 you can setup XLCubedWeb to use an SAML 2.0 compliant Identity provider service to handle user authentication.
Contents
[hide]Requirements
You will need the following:
- Enterprise XLCubedWeb
- A SQL-based Repository in "Role" mode
- An identity provider service that supports SAML 2.0 (for example, Okta, PingIdentity etc.)
- Some identity providers will require that the XLCubedWeb website is running as HTTPS
- Contacted support@xlcubed.com to enable the feature
Setup
Provider setup
You will need to create a new application or service provider. Use the following details where:
servername = Your xlcubedweb server address, for example http://someserver/xlcubedweb, this needs to match what the users would type into a web browser of the Excel publication screen
xlcubedurl = servername/webform/auth.aspx, for example http://someserver/xlcubedweb/webform/auth.aspx
The following is a list of possible information you will need to provide:
| Field | Value |
|---|---|
| Single sign On URL | xlcubedurl |
| Recipient URL | xlcubedurl |
| Destination URL | xlcubedurl |
| SP Entity ID | XLCubedWeb |
| Audience URI | XLCubedWeb |
| Audience Restriction | XLCubedWeb |
Attributes
The NameID attribute will be used as the key for users to store user-specific information such as "My Reports", recent reports, bookmarks, workbook aspects etc. Any format should be fine.
The following optional attributes can also be included:
| Attribute | Description | Example |
|---|---|---|
| DisplayName | The text to display when the user is listed | Joe Bloggs |
| The email address of the user, would be used when emailing alerts, for example | joe.bloggs@xlcubed.com | |
| EffectiveUser | User-id for connections that support this option. See "Datasources" section for more information | cubeuser |
| EffectiveRole | Comma-delimited list of Cube Roles to use for this user. See "Datasources" section for more information | Accounts, Management |
| MemberOf | Comma-delimited list of SIDs or active-directory group paths the user belongs to, this is used to determine which XLCubed Roles the user belongs to | S-1-5-21-1085031214 |
| Roles | Comma-delimited list of XLCubedWeb Roles the user belongs to, this controls which folders and reports they can see and what level of access they have | Authenticated User, Upper Management |
