The old TDS SSO, based on CAS technology, has been replaced by a new one with support for OpenID Connect and SAML.
Thanks to the new TDS SSO, the TDS SaaS Service can now be integrated with the customer's Active Directory and can authenticate users using OAuth 2.0 protocols.
Key SSO Keycloak features:
Single sign-on - SSO
Single sign-on (SSO) is an authentication process that allows a user to access multiple applications with one set of login credentials.
Users authenticated in TDS are also automatically authenticated in all TDS Services until the user session expires.
User logout from TDS SSO is automatically
...
logout from all his TDS services which support SSO logout
...
- User accounts are managed using a single centralized service
...
- Realm role level
- Client roles
- Role-based access control
SSO Session
Name | Value |
---|---|
SSO Session Idle | 7 days |
SSO Session Max | 30 days |
Default SSO Session length is 20 hours
...
TDS Login Page
The TDS Login Page contains the following items:
- Username
  - user TDS account ID required to log in to the TDS service
- Password
  - user account password
- Remember Me
  - allows the user to remain logged in between browser restarts until the session expires
- Create new account
  - link to the Create New Account page
- Contact support
  - link to the TDS support page Help/Feedback
- Reset password (only for TDS instances without AD integration)
  - link to the TDS reset password page Reset password
Create New Account
Self-invitation is not possible in public TDS.
On request, the TDS portal can be configured to support self-invitation:
(10 hours when Idle).
Customers can request additional configuration of the following SSO properties:
- Length of SSO session
- Enable/disable two-factor authentication (see Multi factor authentication)
Azure AD or ADFS authentication
Note: For some customers, it is possible to log in to TDS using Azure AD or ADFS (Active Directory Federation Services).
To use this feature, follow these steps:
Click the Azure AD or ADFS button on the TDS login page (the label of the button usually reflects the company name).
You will be redirected to your Azure AD or ADFS login page. Use your company SSO credentials there to log in.
After that, you are logged in to the TDS portal or another TDS SSO-enabled application.
Two-factor authentication
Multi factor authentication
After entering a proper e-mail address, an invitation is sent to the new user. The new user is added to the TDS portal only (not to a Company/Project) after e-mail confirmation.