__system-level-security-2-image-unique-image-unique

__system-level security

<h4>Installing the SSO Router</h4>
<ol>
<li style="font-weight: 400;" aria-level="1">Extract the .zip file.</li>
<li style="font-weight: 400;" aria-level="1">Install plugin following steps described in the readme file.</li>
</ol>
<img loading="lazy" class="img-polaroid alignnone" src="https://cdn.sisense.com/wp-content/uploads/sso-router1-770x348.png" alt="" width="770" height="348" />
Configuring the SSO Router
SSO Router configuration is located in a JS config file. 
To configure the SSO Router, update the configuration file.
File location:
<ul>
<li>Linux: /ssoRouter/v1/config.js</li>
<li>Windows: /sisense/app/ssoRouter/src/features/ssoRouter/v1/config.js</li>
</ul>
The configuration file contains a configuration object with five keys:
<ol>
<li>login: Object. Contains key-value pairs of the request origin and the required route URL**</li>
<li>logout: Object. Contains key-value pairs of the request origin and  the required route URL**</li>
<li>loginURLParameter: String. In case the login SSO handler is determined by a URL parameter, state the URL parameter name. 
To pass a URL parameter, replace all the # characters in the URL with %23. 
For example: 
http://sisense.dns.com/app/main#/home?embed=true =&gt; 
http://sisense.dns.com/app/main%23/home?embed=true</li>
<li>loginParameterMapping: Object. If the login SSO handler is determined by a URL parameter, state the parameter value as the key and the redirect address as the value.</li>
<li>logoutParameterMapping**: Object.  In case the logout sso handler is determined by a URL parameter (when `loginURLParameter` is configured), set the parameter value as the key and the redirect address as the value.</li>
</ol>
* * Source:Redirect key-value pairs: The key represents the Sisense DNS. Provide the DNS with no protocol (HTTP/HTTPS). 
The value is the URL to redirect to. 
The keys and values can contain up to a single attribute. 
The attribute will be in the format: ${attribute_name}.
Important Note: For login requests, if the login URL parameter is specified, the loginParameterMapping is used. If the login URL parameter is not specified, the login mapping is used. For logout requests, in case the logout URL parameter is specified, the logoutParameterMapping is used. If the logout URL parameter is not specified, the logout mapping is used.
Additional configuration example has been provided in readme file.
Configuration example:
Preview
Post to LiveJournal
<pre>const config = {
    login: {
        'tenantA.com': 'http://tenantA.sso.com',
        '${attribute}.tenant': 'http://${attribute}.tenant.sso.com'
    },
    logout: {
        'tenantA.com': 'http://tenantA.main.com',
    },
    loginURLParameter: 'domain',
    loginParameterMapping: {
        1: 'http://tenantA.sso.com',
        2: 'http://tenantB.sso.com'
    }
};</pre>
Login request:
<div class="table-responsive">
<table class="table table-bordered" style="font-size: 12px;" width="705">
<thead>
<tr>
<th>Source Domain</th>
<th>Redirect URL</th>
<th>Explanation</th>
</tr>
</thead>
<tbody>
<tr>
<td>http://tenantA.com</td>
<td>http://tenantA.sso.com</td>
<td>Since there is no URL parameter, the Router will try to find the SSO handler URL in the ‘login’ object</td>
</tr>
<tr>
<td>https://tenantA.com</td>
<td>http://tenantA.sso.com</td>
<td>Since there is no URL parameter, the Router will try to find the SSO handler URL in the ‘login’ object. 
The source request protocol (HTTP/HTTPS) does not take place when calculating the redirect URL.</td>
</tr>
<tr>
<td>http://a.tenant</td>
<td>http://a.tenant.sso.com</td>
<td>The login URL matches the template 
${attribute}.tenant</td>
</tr>
<tr>
<td>http://tenantA?domain=1</td>
<td>http://tenantA.sso.com</td>
<td>Since the domain parameter is provided, the SSO handler URL will be the URL that is mapped to the “domain” parameter value</td>
</tr>
</tbody>
</table>
</div>
Logout request:
<div class="table-responsive">
<table class="table table-bordered" style="font-size: 12px;" width="705">
<thead>
<tr>
<th>Source Domain</th>
<th>Redirect URL</th>
</tr>
</thead>
<tbody>
<tr>
<td>http://tenantA.com</td>
<td>http://tenantA.main.com</td>
</tr>
</tbody>
</table>
Configuring Sisense to Use the SSO Router as the Login Endpoint
<ol>
<li>Open the Configuration Manager 
For <a href="https://documentation.sisense.com/latest/administration/system-settings/configmgr_linux.htm#gsc.tab=0">Linux</a> 
For <a href="https://documentation.sisense.com/latest/administration/system-settings/configmgr.htm#gsc.tab=0">Windows</a></li>
<li>Click the Sisense logo five times to present the full list of configurations.</li>
<li>Open the Base Configuration tab.</li>
<li>Under the SSO section:
<ol>
<li>Update the sso.loginUrl to /api/v1/ssoRouter/login</li>
<li>If needed, update the sso.logoutUrl to /api/v1/ssoRouter/logout</li>
</ol>
</li>
<li>Click Save Base, in the top-right corner.</li>
</ol>
<img loading="lazy" class="alignnone" src="https://cdn.sisense.com/wp-content/uploads/sso-config-manager1-e1600351912902.png" alt="" width="1200" height="423" />
</div>

Single Sign-On

multi-tenant

Single-Sign On

The Single Sign-On Router provides new REST API endpoints to route login and logout JWT SSO requests based on the source request domain or URL parameter.
Important Note: The client should implement the SSO JWT handler. The SSO Router only routes to existing endpoints.
Use Case 1: 
A company using multi-tenant configuration defines URL parameter that will determine the user&#8217;s tenant. When a user connects to Sisense and the URL parameter set to his tenant&#8217;s identifier, Sisense routes the request to the tenant&#8217;s unique SSO handler.
Use Case 2: 
A company using multi-tenant configuration creates a unique URL parameter for each tenant. When a user connects to Sisense using a specific parameter, Sisense routes the request to the tenant&#8217;s unique SSO handler.

Get the Add-on

Leave Feedback