Spectrum Spatial (SSA/LIM)

  • 1.  SSA and Single Sign On (SSO)

    Posted 09-07-2017 03:04

    Hi there,

    I would like to know if Spectrum Spatial and SSA v12 support Single Sign On (SSO)? I haven't found any references to it in the documentation.

    Is SSO currently supported or on the Road Map for the next version 12.1?

    or later Road Map?



  • 2.  RE: SSA and Single Sign On (SSO)

    Posted 09-08-2017 04:32

    SSA and Spectrum 12.0 support integration with Active Directory and LDAP.

    But true single sign on (where a user does not have to login) is not supported.

    It is a road map item and we are hoping to have this available in a future release sometime in 2018.

    With AD integration, however, many of the benefits of SSO are available.

     

    Below is an overview of how it would work.

     

    - Customers can manage their users and the roles a user is assigned to entirely in AD.

    - Users do not need to be added to Spectrum.

    - Roles in AD which are relevant to Spectrum Spatial and SSA still need to be added to Spectrum (with the same name or different names).

    - There is a facility to then map the AD roles to Spectrum Roles. This is often a one-time activity when you first decide what roles are needed for SSA.

    - Permissions on which maps can be viewed are then assigned in Spectrum to these Spectrum roles.

    - When a user logs in they enter their AD username and password and are authenticated against AD.

    - Their roles are obtained dynamically from AD and then any that are mapped to Spectrum roles are identified.

    - Any permissions applied to the mapped roles in Spectrum are then applied to authorise what maps the user can see.

    Removing a user from AD will immediately prevent them from accessing SSA.

    Changing a user's roles in AD will also affect what maps they can see in SSA.

    All password management is performed in AD using current password rules.



  • 3.  RE: SSA and Single Sign On (SSO)

    Posted 09-10-2017 21:20

    Hi Mustafa, I have SSA AD integration at the moment and was looking to go that bit further. It's great to know that SSO is on the road map for a future release.

    Do you have a link available to the current road map at all?

    Cheers

     



  • 4.  RE: SSA and Single Sign On (SSO)

    Posted 09-11-2017 15:06

    Hi Peter,

    I'm just in the process of finalising the roadmap. Once completed, it will be shared with you via your account manager or our partner channel. I think I'm right in saying that you work with Critchlow, @Jacob Pescini. It will be finalised early next week. However, to give you an idea of what you can expect in 12.1 (due October):

    • Users can continue to add or edit more records when in edit mode - you will no longer have to select done between each edit
    • User is able to edit Tab files - yes you will be able to edit TAB files in SSA.
    • User can Multi-select from a single layer and display map information
    • plus a further 23 items, designed to enhance the user experience

     

    Regards

    Andy

     

     




  • 5.  RE: SSA and Single Sign On (SSO)

    Posted 10-29-2018 22:56

    Is there any update on SSA Single Sign On? Will it be available in the Nov 18 release?



  • 6.  RE: SSA and Single Sign On (SSO)

    Posted 10-30-2018 12:05

    Hi Tim - yes it is planned to be supported for the Nov 2018 release. Spectrum itself supports being configured for SSO with ADFS and now SSA will leverage this. It will be possible to configure SSA to redirect to the Spectrum server for sign on instead of showing the regular SSA login. Spectrum will then take the user through the sign on flow (and show the ADFS login page if the user is not already signed on) and then return back to SSA with a valid token for subsequent use during the user's session.



  • 7.  RE: SSA and Single Sign On (SSO)

    Posted 02-25-2019 00:56
    Edited by Duri Bradshaw 02-25-2019 00:57
    Does anybody know if it is possible to set up SSO using Azure AD?
    I know I can set up ADFS in Azure but I would like to know if it is possible using just Azure AD as lots of clients now have this as part of their Office365 subscription. I see that Azure AD supports SAML but I'm not sure if it's compatible with SSA?

    ------------------------------
    Duri Bradshaw
    Spatial IT Consultant
    Insight GIS
    ------------------------------



  • 8.  RE: SSA and Single Sign On (SSO)

    Posted 09-11-2021 08:47
    Duri/Mustafa,

    A client is trying to instigate Azure SSO and has come back with the following query:

    The team has had a look at the documentation you sent over and I'm afraid to say that it doesn't adhere to the Microsoft AzureAD IAM.

    We usually get provided technical details for either SAML or OAuth such as

     

    • Redirect URI
    • Front-channel Logout URL

      

    And we provide

    • Application client ID
    • Directory Tenant ID
    • Secret ID
    • OpenID connect MetaData

     
    I'm a little out of my comfort zone here and the documentation in the admin guide doesn't mention AzureAD at all.

    Do you know if this can be done and just requires configuration or is there a specific reason it won't work? If it doesn't, is there anything on the roadmap that I can point at instead? I would assume more organisations will move to AzureAD over time.

    Thanks

    Nick



    ------------------------------
    Nick Hall
    Mapchester LTD
    Manchester
    ------------------------------



  • 9.  RE: SSA and Single Sign On (SSO)

    Posted 09-12-2021 20:22
    Hi Nick,

    Last time I looked I wasn't able to get SSO working with AzureAD; I have a feeling Spectrum only supports ADFS.

    @Mustafa Ismail may be able to confirm this and if there are any plans to support AzureAD.

    Duri


    ------------------------------
    Duri Bradshaw
    Spatial IT Consultant
    Insight GIS
    ------------------------------



  • 10.  RE: SSA and Single Sign On (SSO)

    Posted 09-13-2021 19:17
    Hi All,

    We had a good go at SSO with AzureAD. The best solution we could come up with is using the TenantID instead of groups. This meant that the user was authenticated by AzureAD but user access rights to map projects and resources still needed to be handled via the Management Console (or in bulk by the CLI). So now when a new user first logs into the system their email address is registered and assigned the default user role, which in our case had no access beyond the public maps. Then the admin can go into the Management Console and assign additional roles.

    Sorry I can't be clearer but I hope this tidbit helps.

    ------------------------------
    Lee Crosby
    Campaspe Shire Council
    Echuca VIC
    ------------------------------