Authentication
Authentication provides a secured method to validate and provide access to authorized users on the BI platform.
Authentication Manager
Following are the authentication types BI Hub Platform supports:
- Native: User credentials are stored in the BI platform itself.
- Windows AD: Windows Active Directory services authentication for group and users management, network, and policy administration, etc.
- LDAP: Lightweight Directory Access Protocol is an open and cross-platform protocol used for directory services authentication.
- SAML: Mapping the user credentials between Microsoft Office 365 and BI Hub Platform.
Add Authentication#
To manage Authentications Admin (bihubadmin) must go to the Authentication > Authentication Manager section and select Add Authentication.
Add Authentication type
Add Microsoft AD details to BI Hub#
Windows AD authentication allows the users/groups to be fetched from a Windows Active Directory.
To add MS AD Authentication, select the Authentication Type as "LDAP" from the drop-down list.
Windows AD Authentication Settings
- Following are the fields and their descriptions:
| Field Name | Description |
|---|---|
| Base DN | The Distinguished Name (DN) of the starting point for directory server searches |
| URL | The Active Directory host address. Example: <ldap://xxxdomain.companyname.solutions> |
| Username | username of the account present in Windows AD with admin privileges |
| Password | password of the above user |
| Groups | Name of the AD group to synchronize the users from. |
| Additional User Attribute | Additional User Attributes that needs to be used for mapping a username |
| Full SSO | If Full SSO setup is established in the organization, then enable the check box and BI Hub will leverage that setup. > In such a scenario, when the user does a sign-on successfully into the company’s network, then BI Hub will not prompt for a login and the user can work on the product directly. |
| Bring Subgroup Members | Value can be set to enable/disable. When set to ON, members from the subgroup will also be available into BI Hub |
Add LDAP Authentication#
To setup an LDAP authentication type, select "LDAP" in the Authentication Type drop-down menu:
LDAP Authentication Fields
Enter the values for each field ( Tooltip provided ) and select Submit.
Add SAML Authentication#
Before you add SAML authentication configurations in the BI Hub application, you must set up SSO for an application that you added to your Azure AD tenant. [ Reference Microsoft article: Set up SAML-based single sign-on (SSO) for an application in your Azure Active Directory (Azure AD) tenant ].
For basic SAML configuration, you should get the values from the application vendor. [ Microsoft article reference: Basic SAML Configuration ].
Next, in the BI Hub app; add a new authentication with Authentication Type as SAML.
SAML Authentication
Following are the fields and their descriptions:
| Field Name | Description |
|---|---|
| Entity ID of Service Provider | Identifier of your Service Provider |
| Assertion Consumer Service URL | Assertion Consumer Service URL mentioned on your Service Provider |
| Logout URL | Logout URL of Service Provider |
| Entity ID of IDP | This is Azure AD Identifier |
| Single Sign ON IDP URL | Login URL of IDP |
| Logout URL of IDP | Logout URL of IDP |
| x509cert of IDP | The x509cert value from Federation Metadata XML |
| Login button text | This value will be shown on the BIHUB Login screen, example: SSO Login |
| SAML Response Key | SAML response key to validate the user |
Enter all the values and select Submit.
Edit Authentication details in BI Hub#
- To edit the authentication details, the admin can select the type and click Edit.
- Edit the required fields in the Edit Authentication.
- Select Save.
Synchronize Users with BI Hub#
Go to the Authentication page, select the platform (Windows AD or SAML), and click Sync Users.
All the users under the given Authentication information will be added to BI Hub.
View the detailed summary of the sync in the Sync Authentication section.
note
If users of all BI platforms are authenticated using Microsoft AD/LDAP and user names are identical across platforms, then proceed to Synchronize Reports of Users section.
Next Steps#
Consider the scenario When one BI platform authenticates through Microsoft AD and the other BI platform authenticates Native users, also if the user names are different between BI platforms. In such a case, the above sync would import the users only with the Microsoft AD authentication.
In order to import users from the other BI Platform(s), proceed to Add Users from other BI Platforms (users having different user names across BI Platforms) section.
Next proceed to Synchronize Reports of Users section.
important
You can schedule to sync the Windows AD users automatically using the Authentication Synchronization utility. [Refer the Scheduled synchronization with AD] section.
To set the default Authentication type, select the Authentication name - "Windows AD" and click Set as Default:
Windows AD selected as the Default Authentication Type
Delete Authentication in BI Hub#
Select the Authentication type and click Delete.
note
Deleting the Windows Authentication will delete not only the AD entry but also all the users and reports connected to AD and the operation cannot be undone.