| Table of Contents |
|---|
Single sign on - SSO
Single sign on (SSO) is an authentication process that allows a user to access multiple applications with one set login credentials.
TDS authenticated users are also automatically authenticated in all TDS Services until expiration of user´s session.
User logout from TDS SSO is automatically logout from all his TDS services which support SSO logoutThe old TDS SSO featured based on CAS technology has been replaced by a new with support of OpenID Connect and SAML.
Thanks to the implementation of the new TDS SSO, TDS Saas Service can now be integrated with customer´s Active Directory and authentication of users using OAuth 2.0 protocols.
User authorization is controlled from TDS Portal using proper role assignment on TDS portal level (Customer Area and Projects) and in TDS SaaS Services.
Users authenticated in TDS are also automatically authenticated in all TDS core SaaS Services (Jira, Confluence etc.) until expiration of user's token.
Key SSO Keycloak features:
- One time password policy
- User logins to TDS SSO and is allowed to access all his available TDS services
- User logout from TDS SSO and is logout from all his TDS services which support SSO logout
- SPNEGO - disabled
- Centralized password policy
- User accounts are managed using a single centralized service
- Identity brokering
- Identity providers based for example on:
- OpenID Connect v1.0
- SAML v2.0
- OAuth v2.0
- Identity providers based for example on:
- Authorization policy
- Realm role level
- Client roles
- Role-based access control
SSO SSO Session
Name | Value | |
|---|---|---|
| SSO Session Idle | 10 hours | |
| SSO Session Max | 20 hours | Access Token Lifespan | 1 minute
Default SSO Session length is 20 hours (10 hours when Idle). Values are configurable.
Please create a ticket on Support for the change.
- two factor authentication is supported
- create ticket on Support