Single Sign-On allows users to access their Agiloft knowledgebase with a hyperlink. The link, which is verified against LDAP, uses the user's Windows session login to access the system.
This feature uses an Active X control, so the following conditions are required:
- Use the required browser, Internet Explorer 5.0+
- Server must be included in the browser's list of trusted sites.
- The user's Windows login name must be the same as their Agiloft login.
If these conditions met, the user can instantly login using the following URL: http://SERVER:8080/gui2/sso.jsp?autoLogin=true&project=KB_NAME&State=Main
Click the Setup gear in the top-right corner and go to Access > Single Sign-On.
- Set Enable LDAP Single Sign-On to Yes.
Select and configure either a domain name or IP address range:
Enter the trusted domain name, so that users coming from this domain can use single sign-on. This option is most useful if the system is within your firewall.
Enter a range of trusted IP-addresses, so that users coming from these addresses can use single sign-on. This option is very useful if you are accessing the system from across a firewall / NAT since, from the perspective of the system, all your users will appear to come from a single IP address. It can also be used if the system is within your firewall.
- Select any groups you want to exclude from single-sign on. Usually, this is used to make sure users with extensive permissions, such as administrators, are always manually authenticated.
- Select an authentication method.
- If desired, select the option to validate the login password against the password in the Active Directory database.
If you want to use Windows SSO when users click hyperlinks from within an email, complete these steps as well:
- Go to Setup > System > Manage Global Variables.
- Go to the Variables with Default Values tab.
- Edit the Hotlink Type global variable.
- Set the Global Variable Value to OTHER_SSO.