Support Support HYPERPLANNING

  • Delegate authentication to the users' Client

Users who connect to the database from a Client must authenticate with a username and password. This step can be delegated to a single sign-on service using CAS, SAML2 or WS-Federation protocols.
The Controller must be deactivated before proceeding with configuration.

Delegate authentication to the Client via a CAS Server

  1. From the panel Controller of the console , go to the tab Delegate the authentication.
  2. On the line CAS Protocol, click on the button to enter a new configuration. You can enter several per protocol, but only one can be activated (double-click in the column Active).

  3. Enter the URL where the CAS server runs. The authentication and validation URL are displayed below.
  4. If you want users to be also able to connect via HYPERPLANNING authentication, tick Authorize authentication by the controller, without querying the CAS server. Choose whether this is permanent or only if the CAS server does not respond.


  5. Click on the button Users' identification parameters on the top right to choose the type of user recognition.
  6. In the pop-up window, choose the type of user recognition from the drop-down menu:
    • With the identity of the user: these are the fields exchanged between CAS and the Controller that will allow to recognize the user who connects for the first time. You must indicate the designation of these fields by CAS. The same applies to the categories.
    • With the CAS identifier entered in HYPERPLANNING: the administrator must import in HYPERPLANNING all the CAS identifiers of the users so that they can connect via CAS.
  7. Tick in the table to activate delegation for administrative mode.
  8. If there are problems reconciling a user with their CAS ID, from a Client , go to the tab Communication > Identity management > Reconciliation of the identities and reconcile manually.
  9. To modify the parameters, on the configuration line, click on the button .

Delegate authentication to the Client via Ws-Federation

  1. From the panel Controller of the console , go to the tab Delegate the authentication.
  2. On the line Ws-Federation Protocol, click on the button to enter a new configuration. You can enter several per protocol, but only one can be activated (double-click in the column Active).
  3. In the pop-up window:
    • enter the URL of the ADFS server (https address).
    • the HYPERPLANNING controller URL for the SAML server to send the authentication response.
  4. If you want users to also access HYPERPLANNING without going through the ADFS server, tick Authorize the authentication by the controller, without querying the Ws-Federation server. In this case, users must log in with their HYPERPLANNING username and password. Choose whether this option is permanent or only if the WS-Federation server does not respond.
  5. Click on the button Users' identification parameters on the top right to choose the type of user recognition.
  6. Tick in the table to activate delegation for administrative mode.
  7. To modify the parameters, on the configuration line, click on the button .

Delegate authentication to the Client via SAML2

  1. From the panel Controller of the console , go to the tab Delegate the authentication
  2. On the line SAML2 Protocol, click on the button to enter a new configuration. You can enter several per protocol, but only one can be activated (double-click in the column Active).
  3. In the pop-up window enter:
    • the URL of the SAML server (recovery of the configuration XML file).
    • the HYPERPLANNING controller URL for the SAML server to send the authentication response.
  4. If you want users to also access HYPERPLANNING without going through the SAML server, tick Authorize authentication by the controller, without querying the SAML server. In this case, users must log in with their HYPERPLANNING username and password. Choose whether this option is permanent or only if the SAML server does not respond.
  5. Click on the button Users' identification parameters on the top right to choose the type of user recognition.
  6. Tick in the table to activate delegation for administrative mode.
  7. To modify the parameters, on the configuration line, click on the button .
Was this content useful to you?
https://docs.index-education.com/docs_en/en-hyperplanning-support-page-198-629-delegate-authentication-to-the-users-client.php

Can't find an answer to your question ?

Contact our support

INDEX ÉDUCATION | © 2024 - C