SSA and Spectrum 12.0 support integration with Active Directory and LDAP.
But true single sign on (where a user does not have to login) is not supported.
It is a road map item and we are hoping to have this available in a future release sometime in 2018
With AD integration, however many of the benefits of SSO are available.
Below is an overview of how it would work.
- Customers can manage their users and the roles a user is assigned to entirely in AD.
- Users do not need to be added to Spectrum.
- Roles in AD which are relevant to Spectrum Spatial and SSA still need to be added to Spectrum (with the same name or different names)
- There is a facility to then map the AD roles to Spectrum Roles. This is often a one time activity when you first decide what roles are needed for SSA.
- Permissions on which maps can be viewed are then assigned in Spectrum to these Spectrum roles
- When a user logs in they enter their AD username and password and are authenticated against AD.
- Their roles are obtained dynamically from AD and then any that are mapped to Spectrum roles are identified
- Any permissions applied to the mapped roles in Spectrum are then applied to authorise what maps the user can see
Removing a user from AD will immediately prevent them from accessing SSA
Changing a users roles in AD will also affect what maps they can see in SSA
All password management is performed in AD using current password rules.