Setting up Single Sign-On

As a system administrator, you can set up single sign-on (SSO) for the Automation Engine system, which allows users to log in only once, without having to enter their credentials repeatedly. The Automic Automation Kubernetes Edition supports the Security Assertion Markup Language 2.0 (SAML 2.0) protocol.

Note: The Kerberos Key Distribution Center (KDC) protocol is not supported in Automic Automation Kubernetes Edition.


Enabling Single Sign-On

By default, when users log in to AWI, the entire authentication process is handled by the Automation Engine to which the instance is connected. AE confirms whether the user credentials match the values in the related User object (USER).

You must enable single sign-on to use the SAML protocol. To enable it before the installation, set the AUTOMIC_SSO_SAML_ENABLED environment variable to true in the values.yaml file.

Once your installation is provisioned, you must use the configmap to change this environment variable. For more information, see Configuring Container-Based Systems.

Note: Setting this environment variable only enables you to use SSO. You still have to configure SAML. For more information, see Setting up Single Sign-On - SAML.

Login Types

When single sign-on (SSO) is enabled, the AWI login screen has an extra drop-down list with the login types available.

Automation Engine

When you select this login type, the AWI standard login is used. For more information, see Standard Login.

SAML

Note: This option is only available if SAML is set up in the system behind the connection. For more information, see Setting up Single Sign-On - SAML.

When you select SAML, the Name and Password fields are irrelevant, but the Department field becomes mandatory.

As soon as a value has been entered in the Department field, the Next button is enabled. Clicking it redirects you to the SAML Identity Provider for authentication and back to AWI with the result.

The Enable autologin checkbox allows you to choose whether you want a fully or partially automatic login.

Enabling Autologin

When you use single sign-on with SAML, the Enable autologin checkbox allows you to decide whether you want a fully or partially automatic login.

  • For a fully automatic login, select the Enable autologin checkbox. This option allows you to bypass entering any login information in the future. Make sure to select your session options (Language, Connection, Client, Session Color) before selecting this checkbox because you cannot change them at the next login.

  • For a partially automatic login, do not select the Enable autologin checkbox. This option allows you to change your session options (Language, Connection, Client, Session Color) without having to enter your user information or password.

Note: To log in with different credentials or to change your session options, empty your browser cache and restart the Automic Web Interface. A blank login page with all fields is displayed.
