Options for Single Sign On (SSO)

Users will have a better experience if they do not have to sign in every time they visit your Asset Bank. For example, you might want users to be able to access your Asset Bank seamlessly from your Intranet by clicking on a link.

This article provides high-level details of the options available for configuring your Asset Bank so that users do not have to enter a username and password each time they start a new session. Please note that all of these options except the 'remember me' cookie require an enterprise licence.

LDAP Integration

If your organisation uses LDAP then integrating Asset Bank with your LDAP server is a good option. See How do I integrate Asset Bank with an LDAP server?

This does require Asset Bank to be able to connect to your organisation's LDAP server. If your Asset Bank is hosted externally (for example by us) then your IT team is unlikely to simply allow access. We have clients who have implemented this architecture using VPN tunnels, and we would be happy to discuss this option in more detail.

Active Directory and Integrated Windows Authentication

LDAP integration enables users to use the same username and password as they use to access their computers, but it does not in itself provide SSO.

If your LDAP server is Active Directory, and you use IIS as the web server for your Asset Bank, then we recommend using Integrated Windows Authentication. See point 2.3 of Integration with a Web Server.

Integration with a third-party SSO technology

There are many different SSO technologies available. Asset Bank’s authentication module has been designed so that we can easily develop new plugins to enable SSO (single sign-on) technologies to be used.

We have already developed plugins to enable Asset Bank to work with the following SSO technologies:

Please contact us if you want to use any of these plugins, or you would like us to develop a plugin for a different SSO technology.

EncryptedURL Plugin

Asset Bank's ‘EncryptedUrlSSO’ plugin enables a client's developers to show a link to Asset Bank (e.g. on an Intranet) that includes a user’s details, encrypted and encoded, so that Asset Bank can create the user (if it hasn’t seen them already) and log them in. See EncryptedUrlSSO Specification.

'Remember me' cookie

Asset Bank can show a 'Remember me' checkbox on the login page (this is turned off by default). If this functionality is enabled, and a user checks the checkbox, an encrypted token is stored in a cookie so that Asset Bank can log them in automatically next time they visit. No personal details about the user, other than the encrypted identifier, are stored in the cookie.
This functionality can be enabled by changing the following setting: allowAutoLoginUsingCookie=true

