When using Active Directory the web server hosting the Softadmin® system must be hosted inside the customer's domain.
As long as users are using workstations that are also inside the customer's domain and their computer trusts the web server their credentials are automatically forwarded to the Softadmin® system. Otherwise users will be prompted for their domain username and password to log in.
When a user navigates to the login page they are automatically logged onto the Softadmin® system as the Softadmin®-user matching their user name (see username modes). If no Softadmin®-user exists matching their name but the system is configured with a guest account then the guest account is used. Otherwise they are shown the built-in Softadmin® login screen where they may attempt to log in using a username and Softadmin®-password instead.
Simple single sign-on requires users to have been created in the system beforehand and requires all administration of permissions to be done by the system rather than in the Active Directory. These restrictions mean that it is most useful for systems with few users and systems where a custom integration creates users and administers the permissions.
Enable with the
SingleSignOn setting and set
SingleSignOnDomainName to the correct domain. If a guest account should be used, configure it with the
Se the IIS configuration page.
Username mode controls which property is used to map accounts to Softadmin® users. You control username mode with the system setting
userPrincipalName mode is recommended if you intend to integrate with Microsoft Graph as calling the Graph APIs for a user requires knowing their userPrincipalName.
sAMAccountName is a traditional username, restricted to 20 characters in length. For example, the user MyCompany\Sam has the
sAMAccountName Sam and would be logged in as the Softadmin® user Sam.
userPrincipalName looks like an email address though it can differ from a user's actual email address.
Softadmin® requires users to have an explicit principal name and for their principal name to be more than 120 characters long. It is technically possible, though rare, for an Active Directory user to violate either of these requirements.