
The old TDS SSO, based on CAS technology, has been replaced by a new one with support for OpenID Connect and SAML.

Thanks to the implementation of the new TDS SSO, the TDS SaaS Service can now be integrated with the customer's Active Directory and with user authentication based on OAuth 2.0 protocols.

Key SSO Keycloak features:

Single sign-on - SSO

Single sign-on (SSO) is an authentication process that allows a user to access multiple applications with one set of login credentials.

TDS authenticated users are also automatically authenticated in all TDS Services until the expiration of the user session.

User logout from TDS SSO is automatically

...

logout from all his TDS services which support SSO logout

...

  1. User accounts are managed using a single centralized service

...


...

...

  1. Realm role level
  2. Client roles
  3. Role-based access control

SSO Session

Name

Value

SSO Session Idle
10 hours
7 days
SSO Session Max
30 days

Default SSO Session length is 20 hours

...

TDS Login Page


The TDS Login Page contains the following items:

  • Username
    • the user's TDS account ID, required to log in to the TDS service
  • Password
    • the user account password
  • Remember Me
    • allows the user to remain logged in between browser restarts until the session expires
  • Create new account
    • link to the Create New Account page
  • Contact support
  • Reset password (only for TDS instances without AD integration)

Create New Account

Self-invitation is not possible in public TDS.

On request, the TDS portal can be configured to support self-invitation:


(10 hours when Idle).

Customers can request additional configuration of the following SSO properties:

Azure AD or ADFS authentication

Note

For some customers, there is a possibility to log into TDS using Azure AD or ADFS (Active Directory Federation Services).

To use this feature, please follow these steps:

  1. Click the Azure AD or ADFS button on the TDS login page (the label of the button usually reflects the company name).


  2. You will be redirected to your Azure AD or ADFS login page. Use your company SSO credentials there to log in.


  3. After that, you are logged in to the TDS portal or another TDS SSO-enabled application.

Two-factor authentication

Multi factor authentication

After a proper e-mail address is entered, an invitation is sent to the new user. After email confirmation, the new user is added to the TDS portal only (not to a Company/Project).