Primary Authentication Controller
The Primary Authentication Controller feature allows one instance of SmartSimple to authenticate users to gain access to a separate instance without having to log in separately (Single Sign-On).
Note: this is only relevant to clients that use multiple instances of SmartSimple.
- The instances can reside on the same server, or on separate servers.
- This access can be granted to all users, or limited to a subset of users.
Contents
Configuration
Authentication Member
Before configuring the Primary Authentication Controller (PAC) instance you must enable Authentication Member on the target instance and generate the key that will be used by the Primary Authentication instance to gain access.
- On Global Settings within the Login & Security Settings section select the check box to enable the instance as an Authentication Member.
- Save the page and the Authentication Member Configurations link will appear.
- Within the Authentication Member Configurations page click New. Complete the details as required:
Setting | Description |
---|---|
Controller Name | Enter any name you wish. |
Description | Enter desired description. |
Alias | The Alias of the instance that will act as the Primary Authentication Controller. |
Member security key | This will be populated once the settings are saved. This key must be entered in the configuration of the Primary Authentication Controller instance. |
Allow all users | Enable this setting if all login-enabled accounts within this Authentication Member instance should be allowed authenticate and connect via the Primary Authentication Controller. |
Enabled users | If Allow all users is not enabled this allows you to select individual user(s) that can use the Primary Authentication Controller to authenticate for this instance. |
Create users if not found | Enable this setting to enable automatic creation of a new account within this instance if someone with an account on the Primary Authentication Controller attempts to connect. Note: this settings attempts to match the e-mail address to uses that are already login enabled only. If an account with the same e-mail address already exists on the Member instance, but is NOT login enabled a new user will be created when they attempt to connect. This is to avoid accidentally activating an existing contact with inappropriate pre-existing Role(s). The new user will be created with the branch and role defined in the following 2 settings. |
Default branch of new user | If Create users if not found is enabled you can select which internal branch/company they will be created within. |
Default role of new user | If Create users if not found is enabled you can select which role newly created users will be given. |
Primary Authentication Controller
To configure the instance that will act as the Primary Authentication Controller (PAC), to authenticate logins for the Authentication Member instance:
- On Global Settings within the Login & Security Settings section select the check box to enable the instance as a Primary Authentication Controller.
- Save the page and the Primary Authentication Configurations Configurations link will appear.
- Within the Primary Authentication Controller Configurations page click New. Complete the details as required:
Setting | Description |
---|---|
Member Name | Enter any name you wish. |
Description | Enter desired description. |
Member Alias | The Alias of the Authentication Member instance. |
Member URL | The URL of the Authentication Member instance (ie: http://alias2.smartsimple.com). |
Member security key | This key provided by the Authentication Member instance. |
Once you have entered the above details and saved the configuration it will appear on the list of Authentication Members with a button that allows you to select which users within the Primary Authentication Controller instance are permitted to access the member instance.
Enabled Users Options
One or more of the following Enabled Users options can be set, depending on which settings are applied within the PAC and Member Authentication Controllers.
All Users to All Users
If Allow All Users is enabled on the Authentication Member instance you can set up an All Users to All Users setting. This configuration will look for an enabled user account on the Authentication Member instance that matches the e-mail address of the person logged into the PAC.
- This is the most common setting, as there is a one-to-one relationship between accounts in each instance.
- If a user on the PAC does not exist or is not enabled on the Authentication Member the user will either be denied access or a new account created, depending on the Create Users if not found setting in the Member Controller as described above.
Auditing
Notes
If PAC for a given member instance doesn't have a Primary Authentication Controller User enabled for All Users, and your account is not specifically listed you will NOT see the server listed on the Authenticated Servers and you will NOT have access to the instance via the Authentication Controller.