Single sign-on simplifies logging-in to the repository's model by using the user's system login. This means that it is not necessary to reenter the password. Managed models are always run in single sign-on mode.
Advantages
You can use single sign-on for new repositories. The setting applies for all models in this repository (standalone servers). Managed models are always run in single sign-on mode.
Single sign-on makes it easier to log-in to the repository's model; this is because it uses user system login for comparing with Innovator's central user management meaning you do not have to reenter a password or enter yet another one. The user only needs to select the user role they want to open the model with.
Model Login Ramifications
Only users logged-in to the system log-in to a model or as model administrator with single sign-on. A password is not required.
The user has to be configured in the central user administration. During login, the user is offered those user roles that arise from the configured login rules and the roles in the model.
Repository Administration Ramifications
The central user management in the main license server manages administrator rules for repositories with activated single sign-on. Administrator rules control authorizations for the following actions:
- Log-in as repository administrator (no password required)
- Start a model server (also possible via command line or as service)
- Close a model server (also possible via command line or as service)
Restriction
If no rule exists in the central user management on the main license server for any rule type, then all users are allowed to use the full scope of the functionality restricted by this rule type. This makes is easier to carry out Innovator administration.
As soon as a rule exists for any rule type, then you can only use the functions made accessible by these rules. You need to explicitly create rules for each rule type if you wish to use functions of other rule types.
Deactivating Single Sign-On for a Repository
Prerequisites
You must be logged-in to the repository as repository administrator.
Context
Single sign-on is activated in a new repository.
Deactivate single sign-on if you do not want to use Windows authentication for logging-in to the models of a repository.
How to proceed
-
Open the Administration Program.
-
Jump to the Standalone Servers tab.
-
Select the repository's model server in the server tree which you want to deactivate single sign-on for.
-
If you are not yet logged-in as a repository administrator, select Login in the context menu.
You have now logged-in to the repository as administrator.
-
Select View>View>Edit Properties.
The repository's properties appear in the workspace.
-
Open the Single Sign-on section.
-
Deactivate the single sign-on check box.
Only the users, passwords and roles configured in the model can be used for the user login.
-
Confirm the deactivation with Apply.
If users are logged-in to the models of the repository, you must confirm that you want to log them out in a dialog. You can also choose to cancel the operation there.
The change becomes effective for logins to the models of the model server.
The previous model users are now invalid. New logins are made as the system user.
Related Topics
