SSO Using OpenID Connect

OpenID Connect (OIDC) is a protocol that enables SSO integration between Sisense and an Identity Provider.

These are some of the certified SSO OIDC Identity Providers that Sisense supports.

  • OneLogin
  • G Suite
  • Auth0

Enabling and Configuring

On the Sisense Admin page for Single Sign-On, enable and configure the identity protocol. Individual fields are described below.

  1. Enable Single Sign On Configuration.
  2. Select OpenID Connect.
  3. Fill in the following SSO configuration fields:

Scope

Enter the scope value defined in the Identity Provider SSO setup for the Sisense site.

Client ID

Enter the client ID defined in the Identity Provider SSO setup for the Sisense site.

Client Secret

Enter the Client Secret defined in the Identity Provider SSO setup for the Sisense site.

Issuer

Enter the issuer value defined in the Identity Provider SSO setup for the Sisense site.

Authentication URL

Enter the authentication URL defined in the Identity Provider SSO setup for the Sisense site. This is the URL to the login page of your Identity Provider where Sisense redirects the user when they try to access a dashboard.

Token URL

Enter the token URL defined in the Identity Provider SSO setup for the Sisense site. This is the URL that returns access tokens, ID tokens, and refresh tokens.

User Info URL

Enter the user info URL defined in the Identity Provider SSO setup for the Sisense site. This is the URL that returns information about the currently signed-in user.

Logout URL

Enter the logout URL defined in the Identity Provider SSO setup for the Sisense site. This is the URL users are redirected to when they log out of Sisense.

User Attributes

Email Claim

The attribute's name in the token (used in the handler's coding) that identifies the user’s login/email.

First Name Claim

The attribute's name in the token (used in the handler's coding) that identifies the user’s first name.

Last Name Claim

The attribute's name in the token (used in the handler's coding) that identifies the user’s last name.

To override these defaults, enter the name of each claim as defined by your identity protocol.
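The following is an added example, not Sisense code: a pre-flight check that compares the values entered in the fields above with the metadata the Identity Provider publishes under OpenID Connect Discovery, and flags non-HTTPS endpoints, a scope without `openid`, and claim names the provider does not advertise. It assumes the provider publishes such metadata and that Scope is a space-separated list; the dictionary keys for the form fields and all sample values are constructed for illustration.

```python
from urllib.parse import urlsplit

# Form field (keys are this example's own labels) -> OIDC Discovery metadata key
FIELD_TO_METADATA = {
    "issuer": "issuer",
    "authentication_url": "authorization_endpoint",
    "token_url": "token_endpoint",
    "user_info_url": "userinfo_endpoint",
    "logout_url": "end_session_endpoint",
}
CLAIM_FIELDS = ("email_claim", "first_name_claim", "last_name_claim")

def check_sso_config(config, discovery):
    """Return a list of findings; an empty list means the values agree."""
    findings = []
    for field, key in FIELD_TO_METADATA.items():
        value, expected = config.get(field, ""), discovery.get(key)
        if urlsplit(value).scheme != "https":
            findings.append(f"{field}: not an https URL")
        # Exact string match: a trailing slash on the issuer is significant.
        if expected is not None and value != expected:
            findings.append(f"{field}: differs from IdP {key}")
    if "openid" not in config.get("scope", "").split():
        findings.append("scope: 'openid' is required for an OIDC request")
    supported = discovery.get("claims_supported")  # optional metadata
    for field in CLAIM_FIELDS:
        if supported is not None and config.get(field) not in supported:
            findings.append(f"{field}: claim not advertised by the IdP")
    return findings

# Constructed sample metadata for a hypothetical IdP at idp.example.com
DISCOVERY = {
    "issuer": "https://idp.example.com/",
    "authorization_endpoint": "https://idp.example.com/authorize",
    "token_endpoint": "https://idp.example.com/oauth/token",
    "userinfo_endpoint": "https://idp.example.com/userinfo",
    "claims_supported": ["sub", "email", "given_name", "family_name"],
}
GOOD = {
    "scope": "openid profile email", "issuer": DISCOVERY["issuer"],
    "authentication_url": DISCOVERY["authorization_endpoint"],
    "token_url": DISCOVERY["token_endpoint"],
    "user_info_url": DISCOVERY["userinfo_endpoint"],
    "logout_url": "https://idp.example.com/logout", "email_claim": "email",
    "first_name_claim": "given_name", "last_name_claim": "family_name",
}
BAD = dict(GOOD, scope="profile email", issuer="https://idp.example.com",
           token_url="http://idp.example.com/oauth/token",
           first_name_claim="firstName")
```

Calling `check_sso_config(BAD, DISCOVERY)` returns five findings, while the same call with `GOOD` returns an empty list.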

  4. Select how to define the user’s role.

Use Defaults

Every new user is assigned default roles according to the selection you make below.

Default User Roles. From the dropdown menu, select the default user role. Each new user is assigned to the selected default role. You cannot assign Admin roles to new users using this method.

Default User Groups. Search for and select a group in this field. Each new user is assigned to the selected default group.

Define by Group

Select this option if you have defined a Group Claim for every new user. Every new user is assigned default roles according to the selection you make below.

Groups Claim. The value of the Group claim as defined by your identity protocol. For example, if your provider refers to groups as Groups, this is the value you enter in Groups Claim. The user is assigned roles according to the Groups Claim.

Only associate users with the following group-role pairs. Enable this option so that users are only associated with groups selected from this list.

  1. Select a group.
  2. Select the user role.

If the user is associated with multiple groups, the one with the highest role is assigned. Click Add after each group.

Creating New Users and Modifying User Permissions

Use the toggle to enable your SSO configuration to create new users and modify existing user permissions, under the following circumstances:

Use Defaults:

  • Activating this toggle enables creating new Sisense users.
  • Deactivating this toggle prevents new users from logging in to Sisense.

Define by Groups:

  • Activating this toggle enables creating new Sisense users.
  • Deactivating this toggle allows existing users to log in to Sisense, but Sisense permissions remain unchanged. New users are prevented from logging in to Sisense.

If at any point you misconfigure the SSO session and are unable to log in via SSO, you can use the direct login: https://0.0.0.0/app/account#/login (select the IP or site URL).
