Synchronize login across projects/sessions

Hi All,

I've been working on a perspective application that has been growing in size (single site with multiple facilities). I'm at a point where it would be convenient to start splitting it out into multiple sub-projects using inheritance.

The problem:

1. Users are authenticated against an ignition IDP from our site active directory user source.
2. When a user moves from one project to another they are required to re-authenticate. Since the user has no concept of projects they are left wondering why they have to sign in so many times.

The desired fix:

1. Have users sign in once from any project and propagate their authentication through every other project they click through.
2. Since I cannot set up a new identity provider to use SSO I am looking for a way to accomplish this using the active directory source.

Is this possible in perspective?

Disclaimer: I'm by no means an expert at IdP related stuff.

No, or at least not currently. At most you could have a 'sticky' session, where you would be redirected to login then immediately redirect back because the IdP "knows" you; this behavior is pretty fundamental to the way identity providers and federated identity works. Your login request is 'associated' with a particular resource, and once you succeed at authenticating, you are granted access to that one particular project.

Better tools around organization of project resources might be a more feasible option here than trying to change how IdPs work; even if we changed Ignition's IdP, it wouldn't help customers using third party IdPs.