Support Support HYPERPLANNING

  • Delegate authentication to the users Webspaces

Users connecting to the database from a web browser or mobile application must authenticate themselves with a username and password. This step can be delegated to a unique authentication service using the CAS, SAML2 or WS-Federation protocols.
To create a delegation, the HYPERPLANNING.net server must be shut down, and the HTTPS protocol must be used (choose the protocol in panel Publication parameters ).
If you have already created configurations for the authentication of the Clients, these are already available in the application.

Delegate authentication to the Webspaces via a CAS Server

  1. Go to the panel Delegate the authentication from the application HYPERPLANNING.net .
  2. On the line Protocol CAS, click on the button to enter a new configuration. You can enter several per protocol, but only one can be activated (double-click in column Active).

  1. In the pop-up window, enter the URL where the CAS server runs. The authentication and validation URL appear below.
  2. If you want users to be able to log in via HYPERPLANNING authentication as well, tick Authorize authentication by the controller, without querying the CAS server. Select whether this option is permanent or only available if the CAS server fails to respond.

  1. Click on the button Users' identification parameters in the top right-hand corner to select the type of user recognition.
  2. In the pop-up window, choose the type of user recognition from the drop-down menu:
    • With the identity of the user: these are the fields exchanged between CAS and the Controller that will identify the user logging on for the first time. These fields must be specified by CAS. The same applies to categories.
    • With the CAS identifier entered in HYPERPLANNING: the administrator must import all users' CAS IDs into HYPERPLANNING so that they can connect via CAS.
  3. Validate to return to the initial screen. In the table, tick the mode concerned by the delegation.

  1. If there are problems reconciling a user with his CAS identifier, from a Client, go to the tab Communication > Identity management > Reconciliation of the identities and reconcile them manually.
  2. To modify the parameters, click on the button in the configuration line.

Delegate authentication to the Client via Ws-Federation

  1. Go to the panel Delegate the authentication from the application HYPERPLANNING.net .
  2. On the line Protocol Ws-Federation, click on the button to enter a new configuration. You can enter several per protocol, but only one can be activated (double-click in column Active).
  3. In the pop-up window:
    • enter the URL of the ADFS server (address in https);
    • the URL of the HYPERPLANNING Controller so that the ADFS server can send the authentication response.
  4. If you want users to be able to access HYPERPLANNING without going through the ADFS server, tick Authorize the authentication by the Controller, without querying the Ws-Federation server. In this case, users will have to log in with their HYPERPLANNING username and password. Select whether this option is permanent or only available if the WS-Federation server fails to respond.
  5. Click on the button Users' identification parameters in the top right-hand corner to select the type of user recognition.
  6. Validate to return to the initial screen. In the table, tick the mode concerned by the Ws-Federation delegation.
  7. To modify the parameters, click on the button in the configuration line.

Delegate authentication to the Client via SAML2

  1. Go to the panel Delegate the authentication from the application HYPERPLANNING.net .
  2. On the line Protocol SAML2, click on the button to enter a new configuration. You can enter several per protocol, but only one can be activated (double-click in column Active).
  3. In the pop-up window:
    • enter the URL of the SAML server (recovery of the XML configuration file);
    • the URL of the HYPERPLANNING Controller so that the SAML server can send the authentication response.
  4. If you want users to be able to access HYPERPLANNING without going through the SAML server, tick Authorize authentication by the Controller, without querying the Saml server. In this case, users will have to log in with their HYPERPLANNING username and password. Choose whether this option is permanent or only available if the SAML server fails to respond.
  5. Click on the button Users' identification parameters in the top right-hand corner to select the type of user recognition.
  6. Validate to return to the initial screen. In the table, tick the mode concerned by the SAML delegation.
  7. To modify the parameters, click on the button in the configuration line.
Was this content useful to you?
https://docs.index-education.com/docs_en/en-hyperplanning-support-page-264-2961-delegate-authentication-to-the-users-webspaces.php

Can't find an answer to your question ?

Contact our support

INDEX ÉDUCATION | © 2024 - D