Single Sign-On allows users to access their  Agiloft knowledgebase with a hyperlink. The link, which is verified against LDAP, uses the user's Windows session login to access the system.

This feature uses an Active X control, so the following conditions are required:

• Use the required browser, Internet Explorer 5.0+
• Server must be included in the browser's list of trusted sites.
• The user's Windows login name must be the same as their  Agiloft login.

If these conditions met, the user can instantly login using the following URL: http://SERVER:8080/gui2/sso.jsp?autoLogin=true&project=KB_NAME&State=Main

System Setup

1. Enter the trusted domain name, so that users coming from this domain can use single sign-on. This option is most useful if the system is within your firewall.

   OR

2. Enter a range of trusted IP-addresses, so that users coming from these addresses can use single sign-on. This option is very useful if you are accessing the system from across a firewall / NAT since from the perspective of the system all your users will appear to come from a single IP address and it can also be used if the system is within your firewall.

   

3. To enable Windows SSO for your users when they click a hyperlink sent within an email, change the Hotlink Type global variable to OTHER_SSO. You can do this on either the Admin Console or Power-User interface.

Be aware that if single sign-on authentication is enabled it is possible to login from a user's desktop without entering a password. This may be considered a security risk for highly privileged users such as members of the admin group. The Excluded Groups selection list allows you to exclude members of such groups from using this feature.