Skip to main content
Skip table of contents

Common SSO Options

Edit the main configuration file conf/config.yml to fine tune behaviour of the application when using any SSO providers.

Configuration Key (loginMethodConfigurations → )


Example Value

Default Value

formLogin → enabled

Whether the application can be accessed via username and password authentication



apiKeyAuth → enabled

Whether the application can be accessed via an API key authentication



saml → enabled

Whether the application can be accessed via SAML authentication



openIdConnect → enabled

Whether the application can be accessed via OpenId Connect authentication



commonSSOOptions → autoCreateUsers

Controls if the SSO access also creates the user in the application. Disabling this will prevent the login of any non-existing user that isn't already in the application.





Controls if the users created by the SSO access are created in an enabled or disabled state. It has an effect only if autoCreateUsers is set to true. The administrator can manually enable such users in the user management in the application.





Sets the user type for automatically created SSO users. Possible values are: reader, analyst, simulator, modeler or unrestricted. The number of users per type is limited by the license. A user type does not grant any access rights or roles, but only limits the possible access rights or roles a user can be given.

Valid values:

  • reader

  • analyst

  • simulator

  • modeler

  • admin

  • unrestricted



commonSSOOptions → mandatoryGroupName

Use this flag if all users need to belong to the same group, provided by the SSO. This setting has no effect if the synchronization is not enabled in the specific SSO configuration. If the SSO provider does not return the mandatory group for the user, the user cannot login.



commonSSOOptions → ssoLogoutUrl

The URL that the application redirects to, after the user clicks the logout button. Preferably it is set to the SSO's logout endpoint, so that the user is logged from the application and the SSO system.

Application's log in page

commonSSOOptions → requiredGroupNamePrefixes

This list of strings are used to filter out groups in an SSO response without specific prefixes. If one or more prefix values are set, then any group that does not match any value will be treated as if they were not present in the SSO response. If no values are given then all groups will be treated as valid.

Note: If a value for loginMethodConfigurations → commonSSOOptions → mandatoryGroupName has been set then the mandatory group name must have at least of the given prefix values.


*Available since 6.0.0

  • AllowedPrefix1_

  • AllowedPrefix2_


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.