Windows SSO
Single Sign-On allows users to access their Agiloft knowledgebase with a hyperlink. The link, which is verified against LDAP, uses the user's Windows session login to access the system.
This feature uses an ActiveX control, so the following conditions are required:
- Use the required browser, Internet Explorer 5.0+
- Server must be included in the browser's list of trusted sites
- The user's Windows login name must be the same as their Agiloft login
If these conditions are met, the user can instantly log in using the following URL: http://SERVER:8080/gui2/sso.jsp?autoLogin=true&project=KB_NAME&State=Main
System Setup
Click the Setup gear in the top-right corner and go to Access > Single Sign-On.
- Set Enable LDAP Single Sign-On to Yes.
- Select and configure either a domain name or an IP address range:
  - Domain name: enter the trusted domain name, so that users coming from this domain can use single sign-on. This option is most useful if the system is within your firewall.
  - IP address range: enter a range of trusted IP addresses, so that users coming from these addresses can use single sign-on. This option is very useful if you are accessing the system from across a firewall / NAT since, from the perspective of the system, all your users will appear to come from a single IP address. It can also be used if the system is within your firewall.
- Select any groups you want to exclude from single sign-on. Usually, this is used to make sure users with extensive permissions, such as administrators, are always manually authenticated.
- Select an authentication method.
- If desired, select the option to validate the login password against the password in the Active Directory database.
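The trust settings above (a trusted address range plus excluded groups), modeled as an added Python example. This is not Agiloft's code; the class, function and group names and the sample addresses are assumptions made for illustration. It shows why group exclusion matters when a NAT gateway makes every user appear to come from one address:

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class SsoPolicy:
    """Hypothetical model of the Single Sign-On settings (not a product API)."""
    enabled: bool
    trusted_range: tuple  # (first_ip, last_ip), inclusive
    excluded_groups: set = field(default_factory=set)


def parse_range(spec):
    """Parse 'first-last' (or a single address) into an inclusive pair."""
    first, _, last = spec.partition("-")
    lo = ipaddress.ip_address(first.strip())
    hi = ipaddress.ip_address(last.strip()) if last else lo
    if lo.version != hi.version or lo > hi:
        raise ValueError(f"invalid range: {spec!r}")
    return lo, hi


def sso_decision(policy, source_ip, user_groups):
    """Return (allowed, reason) for one login attempt."""
    if not policy.enabled:
        return False, "sso disabled"
    ip = ipaddress.ip_address(source_ip)
    lo, hi = policy.trusted_range
    # Mixed IPv4/IPv6 comparisons raise TypeError, so check the version first.
    if ip.version != lo.version or not (lo <= ip <= hi):
        return False, "source address not trusted"
    # Excluded groups win over a trusted address: these users authenticate manually.
    blocked = policy.excluded_groups & set(user_groups)
    if blocked:
        return False, "excluded group: " + ", ".join(sorted(blocked))
    return True, "sso allowed"


# Constructed sample data: behind NAT, the "range" collapses to the gateway address,
# so the address check passes for every user and only group exclusion separates them.
NAT_POLICY = SsoPolicy(True, parse_range("203.0.113.10"), {"admin"})
INTERNAL_POLICY = SsoPolicy(True, parse_range("10.0.0.1-10.0.0.254"), {"admin"})

if __name__ == "__main__":
    for groups in (["support"], ["admin", "support"]):
        print(groups, sso_decision(NAT_POLICY, "203.0.113.10", groups))
```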
If you want to use Windows SSO when users click hyperlinks from within an email, complete these steps as well:
- Go to Setup > System > Manage Global Variables.
- Go to the Variables with Default Values tab.
- Edit the Hotlink Type global variable.
- Set the Global Variable Value to OTHER_SSO.
Force SSO Login
To force users to log in with SSO, you can prevent them from accessing Agiloft with their username and password. Follow the steps below to make the Password field optional in the Employees table and then remove passwords for employees who should log in with SSO. Now, users whose passwords were reset can only log in with SSO.$global.null
and click Next.