I was just wondering if SSO is available for Perspective projects?
On the gateway I have SSO Enabled, and have entered the SSO Domain, but I don’t see any SSO option in the project properties in perspective? Has this been removed for perspective or am I just missing it?
Hi @nburt -
Which type of Identity Provider are you using for your perspective project(s)?
Since perspective runs in a web browser, perspective achieves SSO through federated authentication capabilities.
We are using Active Directory for our identity provider. I’m not familiar with federated authentication- would that have an effect using Active Directory for SSO?
Hi @nburt -
I see, so you are using an Ignition IdP in your perspective projects which is using an AD user source.
Perspective does not have the capability to use the currently logged in windows user like the designer or vision clients if that is what you are asking?
You could look into setting up something like ADFS on top of your existing AD infrastructure. I haven’t checked myself, but it may be possible for ADFS use the current windows user to perform a federated login back to Ignition.
Thanks for the response. A bit more clarification.
The client has a SAML endpoint. If we configure the SAML IDP in the gateway would that give domain registered devices SSO capabilities through perspective?
Hi @nburt -
Perspective trusts whatever claims or assertions the IdP makes. If your IdP supports the integration between a user logged into your device and the web browser session and is able to authenticate a user using this capability, then Perspective will be able to indirectly take advantage of this capability when the IdP responds to Perspective’s authentication requests.
On a similar topic, we have and OpenID provider successfully working with Azure and our Microsoft 365 directory. I’m good with the perspective session federated login, however I thought we could also set the Designer and Gateway web page to use the same provider, but in the gateway settings it doesn’t show my OpenID provider as an option. Am I missing something?
This is on the roadmap, but not yet available.
Ok thanks!