Delegated authentication
  • 16 Sep 2022


We now support integration with third-party authentication systems for production deployments. If this is of interest to you, please reach out to us on Intercom!

Why is it cool?

People don't want to have a bunch of login information to remember (and we honestly would prefer not to have to handle their passwords), so this feature allows us to integrate with your company's existing IT systems to validate that users are who they say they are.

AuthN vs AuthZ

What we're talking about is authentication (AuthN), which is identity confirmation. Analytics is still responsible for authorization (AuthZ), making sure you only get the privileges granted to you, and does not currently delegate that responsibility.

Why do you care that we do AuthZ?

Because it means an admin still needs to create users in Analytics, assign them a role and, optionally, add them to user groups. Users that have not been onboarded will not get access to Analytics.

What types of integrations do you support?

Skylight Analytics works with OpenID and SAMLv2 providers at the moment. Does your Identity Provider not support one of those two? Let us know!

What does it look like?

Here is an example of one of our labs integrated with Accedian's Gsuite via OpenID. The login page simply suggests using your Google credentials.

Users are then redirected to the OpenID provider's landing page (in our case, Google's sign-in).

Then you're in!

How does it work?


  1. The user goes to the Analytics login page and selects the auth provider link configured for the deployment.
  2. Their browser redirects them to the auth provider.
  3. They select/prove their identity with the auth provider and get redirected back to Analytics.
  4. The auth provider has already been integrated with Analytics and sends us a valid auth token for that user.
  5. The user is IN! Any requests they perform will be validated against the token provided.
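To make the AuthN/AuthZ split in steps 4 and 5 concrete, here is an added sketch (not Skylight's or CAS's code) of a service that validates a provider-issued token on each request and then checks its own list of onboarded users. The issuer, client ID, key, user store and function names are all constructed, and an HMAC shared key stands in for the provider's signature so the example runs offline.

```python
import base64, hashlib, hmac, json, time

# Constructed values for this example only (assumptions, not Skylight or Google settings).
ISSUER = "https://idp.example.test"
CLIENT_ID = "analytics-lab"
SHARED_KEY = b"constructed-demo-key"
# Local AuthZ store: only users an admin has onboarded, with their role.
ONBOARDED = {"alice@example.test": "admin"}

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(claims, key=SHARED_KEY):
    """Stand-in for the auth provider: issue a signed token (HS256)."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def authenticate(token, now=None):
    """AuthN: check signature, issuer, audience and expiry; return the email."""
    try:
        head, body, sig = token.split(".")
        alg = json.loads(_unb64(head))["alg"]
        expected = hmac.new(SHARED_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
        good_sig = hmac.compare_digest(expected, _unb64(sig))
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError, KeyError):
        raise PermissionError("malformed token") from None
    if alg != "HS256" or not good_sig:
        raise PermissionError("bad signature")
    if claims.get("iss") != ISSUER or claims.get("aud") != CLIENT_ID:
        raise PermissionError("wrong issuer or audience")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise PermissionError("token expired")
    return claims["email"]

def authorize(email):
    """AuthZ: a valid identity is not enough; the user must be onboarded."""
    if email not in ONBOARDED:
        raise PermissionError("user not onboarded")
    return ONBOARDED[email]

def handle_request(token, now=None):
    """Run on every request: validate the token, then resolve the local role."""
    return authorize(authenticate(token, now))
```

A user the provider vouches for but whom no admin has created passes `authenticate` and is still rejected by `authorize`.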

Note about CAS

We like using open source components, and our Auth engine is no exception. We use an open source project called CAS for enterprise single sign-on. It's feature rich and well supported by the community.

What about the APIs!

True, using a delegated auth provider does also remove the ability to authenticate via API using login/password. So for these deployments, we support token generation! We'll soon implement self-management of these tokens, but for now if you need one, contact our Customer Success Managers via Intercom to get one.

© 2024 Accedian Networks Inc. All rights reserved. Accedian®, Accedian Networks®,  the Accedian logo™, Skylight™, Skylight Interceptor™ and per-packet intel™, are trademarks or registered trademarks of Accedian Networks Inc. To view a list of Accedian trademarks visit: http://accedian.com/legal/trademarks/. 

