SSO with Active Directory
- Kiss, Mate
Overview
The web application can authenticate users using Microsoft Windows domain authentication information. If a user is logged into the Windows Domain on a PC, the same user can access the web application without authenticating again.
When the domain user opens the web interface the system automatically authenticates the Windows user against the AD and logs in him/her to the recording system seamlessly. However this still requires a user created in the Verba Recording System due to the need for configuration settings not available in active directory.
Do not confuse this SSO functionality with the separate Single Sign-On API, that allows Single Sign-on integration with any systems/portals using a simple web protocol.
This SSO function helps you stop managing user passwords and user deletions in the Verba Recording System. You will still need to create the users in Verba, configure access rights and assign phone numbers to them.
Configuring Active Directory based Single Sign-on
Follow three steps to enable/configure SSO.
Step 1 - Make sure your Verba web app server in the same domain where your users are.
Step 2 - Configure the web app for SSO. With System Administrator rights you fill find these under Administration menu / Verba Servers / (select your server) / Change Configuration Settings / Web Application Configuration / Single sign on settings. See the parameters in the Web application settings topic.
Step 3 - Configure users with the login name in the Verba Recording System as in Active Directory
If you have problems with SSO verify the following:
Accessing the web interface with single sign-on
In order to access the web interface using SSO, use the following URL:
When Verba is configured to use the secured SSL (HTTPS) protocol, to access the web interface, the following must be in the address bar:
If a user already logged in to the domain of the web application, they can just access the system. If they are not logged in, the browser will automatically asks for the Windows user credentials.
You can use Active Directory / Windows Domain based authentication and standard Verba authentication at the same time on one system. Your users need to access the web interface using the above links to use SSO. Other web links do not provide this capability.
Forcing non-SSO login when SSO is enabled
It is possible to force a non SSO login by visiting the following URL:
Changing the default login procedure to single sign-on
You can change the above behaviour, where SSO requires a separate link.
Step 1 - If you have not already done that, please follow the above steps to enable SSO
Step 2 - Access the Verba server using Remote desktop
Step 3 - Open the <PROGRAM FILES>\Verba\tomcat\webapps\ROOT\index.html file where <PROGRAM FILES> is e.g. "C:\Program Files (x86)"
Step 4 - Change the META line from
<META HTTP-EQUIV="Refresh" CONTENT="0; URL=/verba">
to
<META HTTP-EQUIV="Refresh" CONTENT="0; URL=/verba/sso">
Step 5 - This change goes live without any restart, point your browser to http://ServerNameorIPAddress