Skip to main content
Skip table of contents

Common SSO Options

Edit the main configuration file conf/config.yml to fine tune behaviour of the application when using any SSO providers.

Configuration Key (loginMethodConfigurations → )

Description

Example Value

Default Value

formLogin → enabled

Whether the application can be accessed via username and password authentication

false

true

apiKeyAuth → enabled

Whether the application can be accessed via an API key authentication

true

false

saml → enabled

Whether the application can be accessed via SAML authentication

true

false

openIdConnect → enabled

Whether the application can be accessed via OpenId Connect authentication

true

false

commonSSOOptions → autoCreateUsers

Controls if the SSO access also creates the user in the application. Disabling this will prevent the login of any non-existing user that isn't already in the application.

false

true

commonSSOOptions→

autoCreatedUsersEnabled

Controls if the users created by the SSO access are created in an enabled or disabled state. It has an effect only if autoCreateUsers is set to true. The administrator can manually enable such users in the user management in the application.

false

true

commonSSOOptions→

autoCreatedUserType

Sets the user type for automatically created SSO users. Possible values are: reader, analyst, simulator, modeler or unrestricted. The number of users per type is limited by the license. A user type does not grant any access rights or roles, but only limits the possible access rights or roles a user can be given.

Valid values:

  • reader

  • analyst

  • simulator

  • modeler

  • admin

  • unrestricted

analyst

unrestricted

commonSSOOptions → mandatoryGroupName

Use this flag if all users need to belong to the same group, provided by the SSO. This setting has no effect if the synchronization is not enabled in the specific SSO configuration. If the SSO provider does not return the mandatory group for the user, the user cannot login.

groupName

n/a

commonSSOOptions → ssoLogoutUrl

The URL that the application redirects to, after the user clicks the logout button. Preferably it is set to the SSO's logout endpoint, so that the user is logged from the application and the SSO system.

https://samlserver.company.com/logout

Application's log in page

commonSSOOptions → requiredGroupNamePrefixes

This list of strings are used to filter out groups in an SSO response without specific prefixes. If one or more prefix values are set, then any group that does not match any value will be treated as if they were not present in the SSO response. If no values are given then all groups will be treated as valid.

Note: If a value for loginMethodConfigurations → commonSSOOptions → mandatoryGroupName has been set then the mandatory group name must have at least of the given prefix values.

*Optional

*Available since 6.0.0

  • AllowedPrefix1_

  • AllowedPrefix2_

n/a


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close