External Authentication – LDAP, SSO and SAML

If ExtraView Corporation is hosting your installation, you do not have direct access to the server's file system, so you cannot configure, alter or use this feature without contacting ExtraView support.

ExtraView may be configured to work with both Lightweight Directory Access Protocol (LDAP) and Single Sign On (SSO) servers. LDAP servers include Microsoft’s implementation named Active Directory. It is not necessary to configure both LDAP and SSO at the same time, although this can be done. Security Assertion Markup Language (SAML) may be used in conjunction with SSO and LDAP to provide authentication.

We strongly recommend that you have access to a resource that is skilled in administering these technologies to set up these features.

You may connect directly to an LDAP server, or you may connect to an LDAP server via SSO. Typically, it is slightly easier to configure the combination of LDAP and SSO servers, as opposed to configuring only an LDAP server.

This section discusses connecting ExtraView with both SSO and LDAP first, and then discusses a direct connection to LDAP without SSO. Finally, SAML authentication is discussed.

LDAP, SSO and SAML are not part of the ExtraView product, but are separate third-party applications that ExtraView may integrate with. There are many “flavors” and implementations of these technologies, and they may be configured in many different ways by different organizations. While ExtraView may connect to and use these technologies, the configuration is often different from one installation to another. ExtraView’s professional services team can help with the integration, but this may not be part of the standard installation, and may be a separate, chargeable task.

Setting up LDAP, SSO or SAML requires configuration in two places: the ExtraView behavior settings, and the Configuration.properties file, which is external to ExtraView.

Note that there is also a hybrid authentication mode, where ExtraView can authenticate against an LDAP server and also use its own internal authentication mechanism. This is ideal in an environment where you want to use the LDAP server for internal users, but use ExtraView’s authentication for your customer users.

Note that there are security permission keys for the authentication features. These allow you to use different authentication methods for different user roles within one instance. These keys are:

  • AUTHENTICATION_EXTRAVIEW
  • AUTHENTICATION_HYBRID
  • AUTHENTICATION_LDAP_HYBRID
  • AUTHENTICATION_SSO