Configuring Repository SSO

Overview

The following document covers how to set up Single Sign On for a Repository Server and connected environments. For users to Commit or Checkout changes to and from the Repository, they would need to have an account created on the Repository. If no matching account is found,  an invalid access error will occur. 

When SSO is configured correctly, an account will be created if there is no matching account after running the Commit/Checkout actions, bypassing the need to manually create logins for every user.

Prerequisites

• SSO must be configured and set up for the environments. If this still needs to be done refer to Single Sign-On With SAML.
• Note that SSO must be set up for both Client and Repository servers. The SSO setup for each server must be identical and use the same SSO protocol, such as SAML or OpenID.
• Repository SSO on a Multi-Tenant environment is NOT supported. Users may continue using SSO to sign in to the client environments but need to use local accounts on the Repository to perform repository-related actions.

Configuring SSO for Clients

1. In the client environment, navigate to System > Settings > Designer Repository Settings. 
2. Under SSO PROXY, check the Use Authentication SSO Proxy box. 
3. Set a desired user-declared string value to SSO Authentication Key. This must match in both the Repository and for client environments.
4. Verify that the Repository Server URL matches the IP or DNS Name of the Repository Server. 
5. Click SAVE SETTINGS.

Configuring SSO in the Repository

1. In the Repository Server, and then to System > Settings > Designer Repository Server Settings.
2. Check Use Authentication SSO Proxy, then under Allowed Clients, click Add New.
3. From the Add Allowed Clients screen input the Client IP Address, the user-defined Authentication Key, and the Client Portal Base URL for client environments. Any connected environments using the Repository must have an entry added. 

   Setting Name	Purpose
   Client IP Address	IP address of the Server that will be accessing the Repository
   Authentication Key	User declared key on the Client server
   Client Base Portal URL	Base Portal URL of the Server accessing the repository

   
   

4. Click OK then SAVE SETTINGS. Once these settings have been configured, users will be able to interface with the Repository without getting prompted for a username or password.