Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
en:sso [2018/02/04 17:05]
sylvain
en:sso [2018/11/06 17:31]
sylvain
Line 1: Line 1:
 ====== Prerequisites ====== ====== Prerequisites ======
   * To have the permission ''​Full administrative privileges''​   * To have the permission ''​Full administrative privileges''​
 +  * To have installed and configured LES (see [[les|LES installation]]
  
-To activate ​the authentication ​against ​an Active Directory, you have to configure the LES server first from a client application. +====== Delegation of authentication configuration ====== 
-To do that, start by clicking on the icon in the task bar then click on ''​Manage''​:+ 
 +To configure ​the delegation of authentication ​to an Active Directory, start by clicking on Lena'​s ​icon in the task bar then click on {{fa>​cogs}} ​:
  
 {{ manage.gif }} {{ manage.gif }}
 +
 +Then clikc on the ''​Account Settings''​ icon in the side-left menu, the following options are then available:
 +  * (1) Enable/​disable the delegation of authentication
 +  * (2) Enable/​disable the automatic creation ​ of users: it enables Lena to automatically create a user authenticated buy the Active Directory who does not exist yet in Lena.
 +  * (3) Authorize email/​password authentication for regular users: it enables regular users to login with an email/​password even if the delegation of authentication is enabled (they can thus login outside the organization network).
 +  * (4) Authoriez email/​passwod authentication for admins: likewise but for admin users.
 +
 +{{ manage_sso.png?​700 }}
 +
 +<callout type="​tip"​ title="​Important"​ icon="​true">​
 +By default, organizations which use the delegation of authentication cannot authenticate their users outside of the organization where the Active Directory is not reachable (unless configured otherwise, see here-above).
 +
 +It is nonetheless possible to authorize specific users to authenticate with an email and a password. It requires to define an email address for these users (1) and to give them the permission ''​Can use login/​password to bypass SSO''​ (2) (see. [[users|Manage users and groups]]):
 +
 +{{ bypass_sso.png?​700 }}
 +</​callout>​