This section covers additional requirements for managing users in SSO environments.
The requires additional configuration to integrate with your SSO provider. Available methods:
|SAML IDP||Integrate the platform with enterprise SAML identity provider. See Configure SSO for SAML.|
|Native LDAP-AD||Using native functionality in the platform, it can integrate with enterprise LDAP/AD. For more information, see Configure SSO for AD-LDAP.|
|LDAP-AD via reverse proxy|
A reverse proxy server outside of the platform can be set up for integration with enterprise LDAP/AD.
For more information, see Configure SSO for AD-LDAP.
Tip: By default, user auto-registration is enabled. It is recommended.
How users are managed depends on whether auto-registration is enabled:
After SSO with auto-registration has been enabled, you can still manage users through the Admin Settings page, with the following provisions:
For more information, see Manage Users.
To disable auto-provisioning in the platform, please verify the following property:
Set the following property:
"webapp.sso.enableAutoRegistration" : false,
If SSO auto-registration is disabled, admin users can provision new users of the platform through the following URL:
<hostname>is the host of the
<sso_port_number>is the port number.
The user's password is unnecessary in an SSO environment. You must provide the SSO principal value, which is typically the Active Directory login for the user.
Users access the application through the using the standard hostname and the port that you specified:
NOTE: All users must be use this URL to access the . If they use the non-SSO URL, they may receive an