Authentication

These configuration options determine how users securely access Workplace AI. Workplace AI supports a range of modern authentication methods, allowing you to align its sign-in experience with the rest of your enterprise applications.

The available authentication methods are:

  • SAML 2.0

  • ADFS

  • Forms

SAML2

SAML2 is an open standard that enables single sign-on (SSO) across applications.

Configuration Options

  1. Application Identifier: This should be set to the application ID of your identity provider.

  2. Issuer: The issuer from your identity provider.

  3. Sign on URL: The login endpoint for your identity provider.

  4. Logout URL: The logout endpoint for your identity provider.

  5. App URL: Endpoint for Workplace AI to complete the login process. Use {0}/admin as a placeholder for host and port. This must point to the admin app.

  6. Signature Validation Certificate: Upload the certificate as a credential, then select it here

ADFS

Active Directory Federation Services (ADFS) is a Microsoft identity and access management service that allows users to authenticate using their existing Active Directory (AD) credentials.

Configuration Options

  1. ADFS URL: Enter your ADFS authentication endpoint

  2. Redirect URL: Enter the URL to redirect to after the user has been authenticated

  3. Certificate Credential: Upload the certificate as a credential, then select it here

Forms

Forms Authentication allows users to sign in using the accounts provided through your configured security syncs (e.g. AD-synced groups).

Configuration Steps

  1. Configure a Security Sync

  2. Toggle off the Elastic Authentication option

After saving the new authentication settings, all authenticated sessions will be invalidated, provided the "Invalidate tokens on logout" setting is enabled.

Security

Enable Swagger API Documentation

Get information about your APIs during development and testing. This exposes your API details and should only be enabled in dev or test environments. To use Swagger's built-in testing, Bearer token authentication must be enabled.

Enable Bearer token authentication

Allow tokens to be stored in an auth header, not just HTTP. This increases your security risk and should only be enabled in dev or test environments. This must be enabled to use Swagger's built-in testing.

Valid logged out tokens

If enabled, logged-out tokens will only be invalidated upon expiry. This is only recommended for dev or test environments.
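The following added example (not Workplace AI code) models why "Valid logged out tokens" is a dev/test-only setting: a token that is checked only for signature and expiry keeps validating after logout for the rest of its lifetime. The token format, the SessionValidator class, the valid_logged_out_tokens flag and the one-hour lifetime are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # constructed value for this example only


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


def issue_token(user: str, token_id: str, now: int, lifetime: int) -> str:
    """Return a signed 'payload.signature' token that expires at now + lifetime."""
    payload = _b64(json.dumps({"sub": user, "jti": token_id, "exp": now + lifetime}).encode())
    sig = _b64(hmac.new(SECRET, payload.encode(), hashlib.sha256).digest())
    return f"{payload}.{sig}"


class SessionValidator:
    def __init__(self, valid_logged_out_tokens: bool):
        # Hypothetical flag modelling the "Valid logged out tokens" setting.
        self.valid_logged_out_tokens = valid_logged_out_tokens
        self.revoked = set()  # token ids recorded at logout

    def _claims(self, token: str):
        payload, _, sig = token.partition(".")
        expected = _b64(hmac.new(SECRET, payload.encode(), hashlib.sha256).digest())
        if not hmac.compare_digest(sig, expected):
            return None  # tampered or malformed token
        return json.loads(base64.urlsafe_b64decode(payload))

    def logout(self, token: str) -> None:
        claims = self._claims(token)
        # With the setting enabled, logout records nothing: only expiry ends the token.
        if claims and not self.valid_logged_out_tokens:
            self.revoked.add(claims["jti"])

    def is_valid(self, token: str, now: int) -> bool:
        claims = self._claims(token)
        if claims is None or now >= claims["exp"]:
            return False
        return claims["jti"] not in self.revoked


def seconds_usable_after_logout(setting_enabled: bool, lifetime=3600, logout_at=600) -> int:
    """Count the seconds a token still validates after its owner logs out."""
    v = SessionValidator(setting_enabled)
    token = issue_token("alice", "t-1", now=0, lifetime=lifetime)
    v.logout(token)
    return sum(v.is_valid(token, t) for t in range(logout_at, lifetime + 60))
```

With the flag enabled, the modelled token stays usable for its full remaining lifetime after logout; with it disabled, logout ends the session immediately.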
