Primary Authentication Controller
From SmartWiki
The Primary Authentication Controller feature allows one instance of SmartSimple to authenticate users to gain access to a separate instance without having to log in separately (Single Sign-On).
Note: this is only relevant to clients that use multiple instances of SmartSimple.
- The instances can reside on the same server, or on separate servers.
- This access can be granted to all users, or limited to a subset of users.
Configuration
Target Instance (Authentication Member)
Before configuring the Primary Authentication Controller instance you must enable Authentication Member on the target instance and generate the key that will be used by the Primary Authentication server to gain access.
- On Global Settings within the Login & Security Settings section select the check box to enable the instance as an Authentication Member.
- Save the page and the Authentication Member Configurations link will appear.
- Within the Authentication Member Configurations page click New. Complete the details as required:
| Setting | Description |
|---|---|
| Controller Name | Enter any name you wish. |
| Description | Enter desired description. |
| Alias | The Alias of the instance that will act as the Primary Authentication Controller. |
| Member security key | This will be populated once the settings are saved. This key must be entered in the configuration of the Primary Authentication Controller instance. |
| Allow all users | Enable this setting if all login-enabled accounts within this Authentication Member instance should be allowed authenticate and connect via the Primary Authentication Controller. |
| Enabled users | If Allow all users is not enabled this allows you to select individual user(s) that can use the Primary Authetication Controller to authenticate for this instance. |
| Create users if not found | Enable this setting to enable automatic creation of a new account within this instance if someone with an account on the Primary Authentication Controller attempts to connect. Note: this settings attempts to match the e-mail address only. If an account with the same e-mail address already exists on the Member Server, but is not login enabled it will be enabled when they connect. |
| Default branch of new user | If Create users if not found is enabled you can select which internal branch/company they will be created within. |
| Default role of new user | If Create users if not found is enabled you can select which role newly created users will be given. |
