Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Applies to:Kyvos Enterprise  Kyvos Cloud (Managed Services on AWS)  Kyvos Azure Marketplace

Kyvos AWS Marketplace  Kyvos Single Node Installation (Kyvos SNI)  Kyvos Free (Limited offering for AWS)

There are mainly two authentication protocols for Windows Authentication, namely NTLM and Kerberos. Kerberos is the default protocol. For some Windows versions, NTLM is used instead.

Kyvos supports Jespa third-party jar files for SSO authentication. It also works on Tomcat on Linux and supports only NTLM protocol.

Prerequisites

For SSO using Windows authentication, the Windows user(s) must be imported into Kyvos.

Jespa configuration

To configure Jespa for Single-sign-on login to the Kyvos Manager using Admin credentials, perform the following steps.

  1. Click Security > Kyvos Authentication.

  2. Select the Single Sign On Configuration checkbox and enter details as:

    Parameter/FieldComments/Description
    Single Sign On ProviderSelect the JESPA option
    Bind AddressEnter the machine name where this computer account has been created.
    DNS Servers IPsComma-separated list of DNS Server IPs.
    Computer Account NameJESPA, as an SSO provider, needs a computer account name for system authentication against the active directory.
    Computer Account PasswordEnter the password for the computer account name mentioned above.
    jespa jar

    Upload the JESPA jar file. Kyvos uses this to perform SSO using JESPA. You can download the jar from https://www.ioplex.com/downloads.php

    jcifs jar

    Upload the JCIFS jar file. Kyvos uses this to perform SSO using JESPA. You can download the jar from https://jcifs.samba.org/src

  3. Click the Validate JESPA Configuration button to verify that the JESPA settings mentioned are correct.
  4. Click Kyvos and Ecosystem > Properties.
  5. On the Properties page, in the kyvosclient.properties, set the value for SYSTEM_AUTH_ENABLED to YES. This will allow users to connect to the Kyvos Web using Windows authentication.
  6. In the olapengine.properties file enter the CLIENT_URL in the http://tomcatUrl:port/AppName format.

Info

Configuring JESPA in Kyvos is not certified on AWS, Azure, and GCP clusters.

Connecting to BI tools

To connect Kyvos to a third-party BI tool through SSO, use the URL as: http://tomcatUrl:port/AppName/xmlaKyvosSSO

  • No labels

Copyright Kyvos, Inc. All rights reserved.