What is SSO?
Single sign-on (SSO) is an authentication method that enables users to securely authenticate with multiple applications and websites by using a single set of credentials.
RedEye uses a third-party Identity Provider (IdP) service, Auth0 (https://auth0.com), to provide federated authentication services for all our applications, both mobile and web. With Auth0, DMS can integrate with all of our customers' enterprise Identity Providers, most commonly using (but not limited to) SAML and OAuth, through a single consistent API. With SSO authentication, customers are in complete control of authenticating requests and are free to implement their own control and access policies for staff, including Multi-Factor Authentication.
How do I get SSO?
SSO is usually set up in the bucket establishment process. Technical details are required to onboard an Identity Provider into Auth0 to authenticate with DMS. If you are an existing customer and would like to enable SSO for your bucket, please contact your Customer Success Manager for further details.
Bucket/Group role configuration
As a Bucket Administrator, once the technical configuration is set up, you can access the SSO Settings page under Manage Bucket. On this page, you can set the default role that users receive when they log in via SSO for the first time without an invitation.
For further information on User Roles in RedEye, please refer to This Article to select the appropriate role for new users. If a Group-based role is selected, a Default User Group also needs to be selected.
Protected Bucket
Protected Bucket is an enhanced SSO feature that is extended to external users and improves the experience for new users in RedEyeDMS. This feature requires additional configuration. Please get in touch with your Customer Success Team for further information.
With the Protected Bucket feature configured, all users (including contractors) need to be in the organisation's SSO directory to access the bucket, e.g. @assetowner.com.au, @gmail.com and @contractor1.com. All user authentication is performed against the organisation's IdP instead of RedEye. Standard SSO is only available for users from the customer's organisation with a customer email domain, e.g. @redeye.co.
Note:
Effective March 2023, with enhanced security measures, RedEye requires the list of email domains configured in Active Directory to be whitelisted in DMS. All email domains to be allowed through SSO need to be provided to RedEye via your project manager or Customer Success Manager to ensure secure access to RedEye for all users.
Session Limits
The current session timeout limit for DMS is set by default to 12 hours. If your security requirements specify a shorter timeout limit, this can be configured on a per-bucket basis.