I would like to know if Spectrum Spatial and SSA v12 support Single Sign On (SSO)?? I haven't found any references to it in the documentation.
Is SSO currently supported or on the Road Map for the next version 12.1 ?
or later Road Map?
SSA and Spectrum 12.0 support integration with Active Directory and LDAP.
But true single sign on (where a user does not have to login) is not supported.
It is a road map item and we are hoping to have this available in a future release sometime in 2018
With AD integration, however many of the benefits of SSO are available.
Below is an overview of how it would work.
- Customers can manage their users and the roles a user is assigned to entirely in AD.
- Users do not need to be added to Spectrum.
- Roles in AD which are relevant to Spectrum Spatial and SSA still need to be added to Spectrum (with the same name or different names)
- There is a facility to then map the AD roles to Spectrum Roles. This is often a one time activity when you first decide what roles are needed for SSA.
- Permissions on which maps can be viewed are then assigned in Spectrum to these Spectrum roles
- When a user logs in they enter their AD username and password and are authenticated against AD.
- Their roles are obtained dynamically from AD and then any that are mapped to Spectrum roles are identified
- Any permissions applied to the mapped roles in Spectrum are then applied to authorise what maps the user can see
Removing a user from AD will immediately prevent them from accessing SSA
Changing a users roles in AD will also affect what maps they can see in SSA
All password management is performed in AD using current password rules.
Hi Mustafa I have SSA AD integration at the moment and was looking to go that bit further?, its great to know that SSO is on the road map for future release.
Do you have a link available to the current road map at all?
I'm just the the process of finalising the roadmap. Once completed, it will be shared with you via your account manager or our partner channel. I think i'm right in saying that you work with Critchlow, @Jacob Pescini. It will be finalised early next week. However, to give you an idea of what you can expect in 12.1 (Due October):
Is there any update on SSA Single Sign On?? Will it be available in the Nov 18 release??
Hi Tim - yes it is planned to be supported for the Nov 2018 release. Spectrum itself supports being configured for SSO with ADFS and now SSA will leverage this. It will be possible to configure SSA to redirect to the Spectrum server for sign on instead of showing the regular SSA login. Spectrum will then take the user through the sign on flow (and show the ADFS login page if the user is not already signed on) and then return back to SSA with a valid token for subsequent use during the user's session.
The team has had a look at the documentation you sent over and I'm afraid to say that it doesn't adhere to the Microsoft AzureAD IAM
We usually get provided technical details for either SAML or OAuth such as
And we provide
I'm a little out of my comfort zone here and the documentation in the admin guide doesn't mention AzureAD at all.Do you know if this can be done and just requires configuration or is there a specific reason it wont work. If it doesn't is there anything on the roadmap that I can point at instead? I would assume more organisations will move to AzureAD over time.ThanksNick