Support Support HYPERPLANNING

  • Delegate authentication to users' Client

Users who connect to the database from a Client must authenticate with a username and password. This step can be delegated to a single sign-on service using CAS, SAML2 or WS-Federation protocols.
To create a delegation, you must first deactivate the Controller.

Delegate authentication to the Client via a CAS Server

  1. Go to the panel Delegate the authentication from the application Administration Controller .
  2. On the line CAS Protocol, click on the button to enter a new configuration. You can enter several per protocol, but only one can be activated (double-click in the column Active).

  1. In the pop-up window: enter the URL where the CAS server is running. Underneath you will see the authentication and validation URL.
  2. If you want users to be able to connect via HYPERPLANNING authentication, tick Authorize authentication by the controller, without querying the CAS server. Choose whether this is permanent or only if the CAS server does not respond.

  1. Click on the button Users' identification parameters at the top right to choose the type of user recognition.
  2. In the pop-up window, choose the type of user recognition from the drop-down menu:
    • With the identity of the user: these are the fields exchanged between CAS and the Control that will allow the user to be recognized when connecting for the first time. You must indicate the designation of these fields by CAS. The same applies to the categories.
    • With the CAS identifier entered in HYPERPLANNING: the administrator must import in HYPERPLANNING all the CAS identifiers of the users so that they can connect via CAS.
  3. Validate to return to the initial screen. Tick in the table to activate delegation for the Administrative mode.
  4. If there are reconciliation problems between a user and his CAS ID, from a Client, go to the tab Communication > Identity management > Reconciliation of the identities and reconcile manually.
  5. To change the parameters, on the configuration line, click on the button .

Delegate authentication to the Client via Ws-Federation

  1. Go to the panel Delegate the authentication from the application Administration Controller .
  2. On the line Ws-Federation Protocol, click on the button to enter a new configuration. You can enter several per protocol, but only one can be activated (double-click in the column Active).
  3. In the pop-up window:
    • enter the URL of the ADFS server (https address).
    • the URL of the controller HYPERPLANNING so that the ADFS server sends the authentication answer.
  4. If you want users to also access HYPERPLANNING without going through the ADFS server, tick Authorize authentication by controller without querying the Ws-Federation server. In this case, users must log in with their HYPERPLANNING username and password. Choose whether this option is permanent or only if the WS-Federation server does not respond.
  5. Click on the button Users' identification parameters on the top right to choose the type of user recognition
  6. Validate to return to the initial screen. Tick in the table to activate delegation for the Administrative mode.
  7. To modify the parameters, click on the button on the configuration line.

Delegate authentication to the Client via SAML2

  1. Go to the panel Delegate the authentication from the application Administration Controller .
  2. On the line SAML2 Protocol, click on the button  to enter a new configuration. You can enter several per protocol, but only one can be activated (double-click in the column Active).
  3. In the pop-up window enter:
    • the URL of the SAML server (recovery of the XML configuration file).
    • the URL of the Controller HYPERPLANNING for the SAML server to send the authentication response.
  4. If you want users to also access HYPERPLANNING without going through the SAML server, tick Authorize authentication by the controller, without querying the SAML server. In this case, users must log in with their HYPERPLANNING username and password. Choose whether this option is permanent or only if the SAML server does not respond.
  5. Click on the button Users' identification parameters on the top right to choose the type of user recognition.
  6. Validate to return to the initial screen. Tick in the table to activate delegation for the Administrative mode.
  7. To modify the parameters, click on the button on the configuration line.
Was this content useful to you?
https://docs.index-education.com/docs_en/en-hyperplanning-support-page-190-603-delegate-authentication-to-users-client.php

Can't find an answer to your question ?

Contact our support

INDEX ÉDUCATION | © 2024 - C