Delegated Authentication

We support integration with third-party authentication systems for production deployments. If you're interested in learning more, please contact us via Intercom.

Overview

Managing multiple sets of login credentials can be inconvenient for users, and handling passwords can introduce unnecessary complexity for administrators. This integration allows us to leverage your organization's existing IT systems to authenticate users, ensuring secure and seamless access while reducing the burden of password management.

Authentication (AuthN) vs. Authorization (AuthZ)

This feature focuses on authentication (AuthN), which is the process of verifying a user's identity. Authorization (AuthZ), which involves assigning and enforcing user privileges, remains managed by the Provider Connectivity Assurance platform. Currently, Provider Connectivity Assurance does not delegate authorization responsibilities to external systems.

Why Authorization (AuthZ) Is Important

Authorization is essential because administrators must still create users in Provider Connectivity Assurance, assign them roles, and optionally add them to user groups. Users who have not been onboarded will not have access to Provider Connectivity Assurance.

Supported Integration Types

Provider Connectivity Assurance currently supports integrations with OpenID and SAMLv2 providers. If your Identity Provider does not support one of these protocols, please contact us for assistance.

Integration at a Glance

The following is an example of one of our labs integrated with Google Workspace (formerly G Suite) via OpenID.

On the login page, users are prompted to sign in using their Google credentials.

Users are then redirected to the OpenID provider’s landing page (in this case, Google’s sign-in page).

After successful authentication, users are granted access to Provider Connectivity Assurance.

How It Works

  1. The user navigates to the Provider Connectivity Assurance login page and selects the authentication provider link configured for the deployment.
  2. The browser redirects the user to the authentication provider.
  3. The user proves their identity (e.g., through login credentials or another method) with the authentication provider and is redirected back to Provider Connectivity Assurance.
  4. Provider Connectivity Assurance, which is already integrated with the authentication provider, receives a valid authentication token for the user.
  5. The user gains access to Provider Connectivity Assurance. All subsequent requests they perform will be validated against the token provided.
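The sketch below is an added example, not Provider Connectivity Assurance or CAS code. It shows steps 4 and 5 together with the AuthN/AuthZ split described earlier: the token is validated on every request, and roles come only from the local directory, so an authenticated user who was never onboarded is still refused. Assumptions: an HS256 token signed with a shared secret stands in for the provider's signature, and the issuer, audience, users and function names are all constructed for the demonstration.

```python
import base64, hashlib, hmac, json, time

# Constructed sample values; a real provider signs with its own keys.
IDP_SECRET = b"constructed-demo-secret"
ISSUER, AUDIENCE = "https://idp.example.test", "pca-demo-client"
# Hypothetical local directory: only users an administrator has onboarded.
ONBOARDED = {"alice@example.test": ["admin"]}

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input, secret):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def issue_token(claims, secret=IDP_SECRET):
    """Provider side of the demo: sign claims as a compact HS256 token."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return head + "." + body + "." + _b64(_sign(head + "." + body, secret))

def authenticate(token, now=None):
    """AuthN: return the verified subject or raise PermissionError."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        # Pin the algorithm before trusting anything else in the token.
        if json.loads(_unb64(head)).get("alg") != "HS256":
            raise ValueError("unexpected alg")
        if not hmac.compare_digest(_sign(head + "." + body, IDP_SECRET), _unb64(sig)):
            raise ValueError("bad signature")
        claims = json.loads(_unb64(body))
        if claims.get("iss") != ISSUER or claims.get("aud") != AUDIENCE:
            raise ValueError("wrong issuer or audience")
        if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
            raise ValueError("expired")
    except (ValueError, AttributeError) as exc:
        raise PermissionError(f"token rejected: {exc}") from exc
    return claims.get("sub")

def authorize(subject):
    """AuthZ: roles come from the local directory, never from the token."""
    if not isinstance(subject, str) or subject not in ONBOARDED:
        raise PermissionError("authenticated but not onboarded")
    return ONBOARDED[subject]

def handle_request(token, now=None):
    return authorize(authenticate(token, now))
```

A `roles` claim inside the token is ignored on purpose: the identity provider vouches only for who the user is.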

A Note Regarding CAS

Our authentication engine leverages open-source technology, and we have selected CAS for enterprise single sign-on. CAS is a feature-rich platform with strong community support, making it an excellent choice for secure and scalable authentication.

What About APIs?

Using a delegated authentication provider does restrict the ability to authenticate via API using traditional login/password credentials. To address this, we support token-based authentication for API access. Request a token by contacting our Customer Success Managers via Intercom.

© 2025 Cisco and/or its affiliates. All rights reserved.
 