Single Sign-On allows users to access their knowledgebase with a hyperlink. The link, which is verified against LDAP, uses the user's Windows session login to access the system.
This feature uses an Active X control, so the following conditions are required:
If these conditions met, the user can instantly login using the following URL: http://SERVER:8080/gui2/sso.jsp?autoLogin=true&project=KB_NAME&State=Main
Click the Setup gear in the top-right corner and go to Access > Single Sign-On.
Select and configure either a domain name or IP address range:
Enter the trusted domain name, so that users coming from this domain can use single sign-on. This option is most useful if the system is within your firewall.
Enter a range of trusted IP-addresses, so that users coming from these addresses can use single sign-on. This option is very useful if you are accessing the system from across a firewall / NAT since, from the perspective of the system, all your users will appear to come from a single IP address. It can also be used if the system is within your firewall.
If you want to use Windows SSO when users click hyperlinks from within an email, complete these steps as well:
Finally, to make sure users log in with SSO after the transition, manually set new passwords for users who should use SSO instead. To do so:
Go to the People table and select every user who should use SSO from this point on.
Don't select every single user in your system. It's best to leave at least one administrator unchanged, if not the whole admin team, in case you encounter SSO issues in the future that prevent users from logging in with SSO. |
Select the formula option and enter random_password(15). This will call the random_password(15) function to randomly generate a new 15-character password for everyone you selected.
Next, go to Setup > System > Manage Global Variables and check the Customized Variables tab for the Hotlink Type variable. If it has been customized, edit it and reset it to the default value of STANDARD.
You might also notice a setting in the People table called SSO Authentication Method. This field is set automatically by the system when you enable SSO, and should not be modified.