Single sign-on (SSO) is an authentication method that allows one account manager to sign users in to multiple independent software systems.
SSO allows users to maintain a single login and use it to log in to different software tools. Administrators of different software tools, like DriveWorks, can register their applications with the SSO account manager that will be responsible for handling the login. Users can log in to DriveWorks by logging in to their standard Windows Active Directory account, for example. Active Directory, acting as the SSO agent, will authenticate the user's login and validate the user for DriveWorks.
What is single sign-on in Azure Active Directory?
SSO for Active Directory (AD) is configured in the DriveWorks Pro Server Configuration utility, available in the DriveWorks folder in the Windows Start menu on the computer running DriveWorks Server. After opening the Pro Server Configuration utility, select the SSO Credentials option in the menu on the left.
This dialog is divided into three different sections:
This section is used to select the DriveWorks Group to integrate with SSO.
Use the dropdown to select the required DriveWorks Group that you wish to map to Active Directory. Then enter Administrator credentials (username and password) for the selected DriveWorks Group.
A refresh button is available to update the list of available groups.
Press ‘Login’ to access the Group.
The information in this section specifies the Azure AD Tenant/Client with which DriveWorks will connect for SSO authentication.
The following credentials are required to integrate with your Active Directory.
These credentials are obtained when configuring Azure Active Directory during App Registration.
NOTE: If you require help obtaining these values, you will need to consult with your IT department or the entity that manages your Azure Active Directory instance.
The table on the left hand side shows the DriveWorks users for the DriveWorks Group selected in the Group Login section.
Selecting a DriveWorks user will then populate the Active Directory Table on the right hand side, allowing you to map the DriveWorks user to one or more AD users.
Select the required checkboxes and then press Save. You can select multiple mappings to batch save.
Green rows indicate newly added user mappings, while red rows indicate user mappings to be removed.
The Play/Pause button controls whether the connection to the Active Directory client is active or paused. The button will display a pause icon when it is active. Click the pause icon to pause the connection. Click the play icon to resume the connection.
In order for DriveWorks to connect to Active Directory with the client information provided, you will need to ensure that the following permissions are set in the API Permissions section of the Azure Active Directory application to which you are connecting:
This allows DriveWorks to read user profiles without a signed-in user. This is required in the Pro Server Configuration Tool Directory Synchronization area. Granting this requires the consent of the Active Directory administrator.
When logging into a Group that has SSO credentials configured, the login popup window will appear differently. The user will now be offered an option to log in with Azure Active Directory or DriveWorks User Name and Password.
The following steps are required to configure an Azure Active Directory for use with the DriveWorks Single Sign On feature.
From the Azure Portal home page, select Active Directory then App Registrations.
The Name given to the App Registration should be something meaningful to you.
The Optional Redirect URI field can be left empty at this stage.
Once created, make a note of the following:
These two GUIDs will be provided in the Active Directory Configuration section of DriveWorks Pro Server SSO Credentials, so a connection to Active Directory can be established.
Each platform type that is to use SSO is required to be added.
The applicable platform types are:
Used for logging into a Shared Group from all DriveWorks desktop based modules.
Used for logging into a web based DriveWorks solution through the DriveWorks Live Integration Theme.
See Using SSO with DriveWorks Live below.
To Add a platform
For Web authentication:
For example:
https://[SERVER_URL]/api/[GROUP_ALIAS]/oauth2/token
The values entered above are case-sensitive.
To allow the Integration Theme to use SSO an additional element is required to be added to the DriveWorksConfigUser.xml file.
See Using SSO with DriveWorks Live below.
Ensure the permissions detailed in Azure Configuration (above) are set in the API Permissions section of the Azure Active Directory application to which you are connecting.
In order to use SSO with DriveWorks Live, you will need to use the Integration Theme. This contains a JavaScript function (loginSSO) that will consume the client secret from the Group Alias.
To set your Integration Theme site to use SSO, you will need to add the following code inside the sharedGroupAlias element of the DriveWorksConfigUser.xml.
See Group Connection Settings for more information.
    <identityProviders>
      <azure>
        <!-- Note: This is the same secret you add to the Pro Server Config Tool -->
        <clientSecret>InsertSecretHere</clientSecret>
      </azure>
    </identityProviders>
An example of this code in place would look like this:
    <connections>
      <sharedGroupAlias name="DriveWorksAlias" serverAddress="ProServerMachine" groupname="GroupName">
        <identityProviders>
          <azure>
            <!-- Note: This is the same secret you add to the Pro Server Config Tool -->
            <clientSecret>InsertSecretHere</clientSecret>
          </azure>
        </identityProviders>
      </sharedGroupAlias>
    </connections>
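A pre-deployment check for the configuration shown above, as an added example (not DriveWorks code): it flags any sharedGroupAlias whose clientSecret is missing or still the placeholder, and compares the redirect URI pattern against the URIs registered in Azure using an exact, case-sensitive match. It assumes the [GROUP_ALIAS] segment is the alias's name attribute; the host dw.example.test and the NoSso alias are constructed sample values.

```python
import xml.etree.ElementTree as ET

PLACEHOLDER = "InsertSecretHere"  # placeholder text from the page's snippet

# Constructed sample in the shape shown above (not a real deployment file).
SAMPLE_CONFIG = """
<connections>
  <sharedGroupAlias name="DriveWorksAlias" serverAddress="ProServerMachine" groupname="GroupName">
    <identityProviders>
      <azure>
        <clientSecret>InsertSecretHere</clientSecret>
      </azure>
    </identityProviders>
  </sharedGroupAlias>
  <sharedGroupAlias name="NoSso" serverAddress="ProServerMachine" groupname="Other"/>
</connections>
"""

def expected_redirect_uri(server_url, alias):
    # Pattern from the page: https://[SERVER_URL]/api/[GROUP_ALIAS]/oauth2/token
    return f"https://{server_url}/api/{alias}/oauth2/token"

def check_sso_config(xml_text, server_url, registered_uris):
    """Return a list of (alias, problem) findings, one alias at a time."""
    findings = []
    root = ET.fromstring(xml_text)  # raises ParseError on malformed XML
    for alias_el in root.iter("sharedGroupAlias"):
        alias = alias_el.get("name", "")  # assumed to be [GROUP_ALIAS]
        secret = alias_el.findtext("identityProviders/azure/clientSecret")
        if secret is None:
            findings.append((alias, "no clientSecret element"))
            continue
        if not secret.strip() or secret.strip() == PLACEHOLDER:
            findings.append((alias, "clientSecret is empty or still the placeholder"))
        uri = expected_redirect_uri(server_url, alias)
        if uri not in registered_uris:  # exact match: values are case-sensitive
            near = [r for r in registered_uris if r.lower() == uri.lower()]
            why = "differs only by case" if near else "not registered"
            findings.append((alias, f"redirect URI {uri} {why}"))
    return findings

if __name__ == "__main__":
    registered = ["https://dw.example.test/api/driveworksalias/oauth2/token"]
    for alias, problem in check_sso_config(SAMPLE_CONFIG, "dw.example.test", registered):
        print(f"{alias}: {problem}")
```
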
To use SSO to log in to the DriveWorks Example Sites, the login method must use loginSSO.
To do this, find the following line in the login.js file:
    // Start session
    const result = await DW_CLIENT.loginGroup(GROUP_ALIAS, userCredentials);
And change it to this:
    // Start session
    const result = await DW_CLIENT.loginSSO(GROUP_ALIAS);
You only need to pass the Group Alias to this method.
Can I use DriveWorks Logins alongside SSO logins?
How can I log in with a different Windows user?
Does configuring the SSO in the Pro Server Configuration enable users to use SSO in all DriveWorks modules?