Single sign-on
From Version 9.2.29 you can setup XLCubedWeb to use an SAML 2.0 compliant Identity provider service to handle user authentication.
Contents
[hide]Requirements
You will need the following:
- Enterprise XLCubedWeb
- A SQL-based Repository in "Role" mode
- An identity provider service that supports SAML 2.0 (for example, Okta, PingIdentity etc.)
- Some identity providers will require that the XLCubedWeb website is running as HTTPS
- Contacted support@xlcubed.com to enable the feature
Setup
Provider setup
You will need to create a new application or service provider. Use the following details where:
servername = Your xlcubedweb server address, for example http://someserver/xlcubedweb, this needs to match what the users would type into a web browser of the Excel publication screen
xlcubedurl = servername/webform/auth.aspx, for example http://someserver/xlcubedweb/webform/auth.aspx
The following is a list of possible information you will need to provide:
| Field | Value |
|---|---|
| Single sign On URL | xlcubedurl |
| Recipient URL | xlcubedurl |
| Destination URL | xlcubedurl |
| SP Entity ID | XLCubedWeb |
| Audience URI | XLCubedWeb |
| Audience Restriction | XLCubedWeb |
Attributes
The NameID attribute will be used as the key for users to store user-specific information such as "My Reports", recent reports, bookmarks, workbook aspects etc. Any format should be fine.
The following optional attributes can also be included:
| Attribute | Description | Example |
|---|---|---|
| DisplayName | The text to display when the user is listed | Joe Bloggs |
| The email address of the user, would be used when emailing alerts, for example | joe.bloggs@xlcubed.com | |
| EffectiveUser | User-id for connections that support this option. See "Datasources" section for more information | cubeuser |
| EffectiveRole | Comma-delimited list of Cube Roles to use for this user. See "Datasources" section for more information | Accounts, Management |
| MemberOf | Comma-delimited list of SIDs or active-directory group paths the user belongs to, this is used to determine which XLCubed Roles the user belongs to | S-1-5-21-1085031214 |
| Roles | Comma-delimited list of XLCubedWeb Roles the user belongs to, this controls which folders and reports they can see and what level of access they have | Authenticated Users, Upper Management |
