SSO in Perspective

I was just wondering if SSO is available for Perspective projects?
On the gateway I have SSO Enabled, and have entered the SSO Domain, but I don’t see any SSO option in the project properties in Perspective? Has this been removed for Perspective or am I just missing it?

Hi @nburt -

Which type of Identity Provider are you using for your Perspective project(s)?

Since Perspective runs in a web browser, Perspective achieves SSO through federated authentication capabilities.

We are using Active Directory for our identity provider. I’m not familiar with federated authentication. Would that have an effect using Active Directory for SSO?

Hi @nburt -

I see, so you are using an Ignition IdP in your Perspective projects which is using an AD user source.

Perspective does not have the capability to use the currently logged in Windows user like the Designer or Vision clients if that is what you are asking?

You could look into setting up something like ADFS on top of your existing AD infrastructure. I haven’t checked myself, but it may be possible for ADFS to use the current Windows user to perform a federated login back to Ignition.

1 Like

Thanks for the response. A bit more clarification.
The client has a SAML endpoint. If we configure the SAML IdP in the gateway would that give domain registered devices SSO capabilities through Perspective?

1 Like

Hi @nburt -

Perspective trusts whatever claims or assertions the IdP makes. If your IdP supports the integration between a user logged into your device and the web browser session and is able to authenticate a user using this capability, then Perspective will be able to indirectly take advantage of this capability when the IdP responds to Perspective’s authentication requests.

2 Likes

On a similar topic, we have an OpenID provider successfully working with Azure and our Microsoft 365 directory. I’m good with the Perspective session federated login, however I thought we could also set the Designer and Gateway web page to use the same provider, but in the gateway settings it doesn’t show my OpenID provider as an option. Am I missing something?

This is on the roadmap, but not yet available.

1 Like

Ok thanks!