Applies to: Kyvos Enterprise Kyvos Cloud (SaaS on AWS) Kyvos AWS Marketplace
Kyvos Azure Marketplace Kyvos GCP Marketplace Kyvos Single Node Installation (Kyvos SNI)
There are mainly two authentication protocols for Windows Authentication, namely NTLM and Kerberos. Kerberos is the default protocol. For some Windows versions, NTLM is used instead.
Kyvos supports Jespa third-party jar files for SSO authentication. It also works on Tomcat on Linux and supports only NTLM protocol.
Prerequisites
For SSO using Windows authentication, the Windows user(s) must be imported into Kyvos.
Jespa configuration
To configure Jespa for Single-sign-on login to the Kyvos Manager using Admin credentials, perform the following steps.
Click Security > Kyvos Authentication.
Select the Single Sign On Configuration checkbox and enter details as:
Parameter/Field Comments/Description Single Sign On Provider Select the JESPA option Bind Address Enter the machine name where this computer account has been created. DNS Servers IPs Comma-separated list of DNS Server IPs. Computer Account Name JESPA, as an SSO provider, needs a computer account name for system authentication against the active directory. Computer Account Password Enter the password for the computer account name mentioned above. jespa jar Upload the JESPA jar file. Kyvos uses this to perform SSO using JESPA. You can download the jar from https://www.ioplex.com/downloads.php
jcifs jar Upload the JCIFS jar file. Kyvos uses this to perform SSO using JESPA. You can download the jar from https://jcifs.samba.org/src
Click the Validate JESPA Configuration button to verify that the JESPA settings mentioned are correct.
Click Kyvos and Ecosystem > Properties.
On the Properties page, in the kyvosclient.properties, set the value for SYSTEM_AUTH_ENABLED to YES. This will allow users to connect to the Kyvos Web using Windows authentication.
In the olapengine.properties file enter the CLIENT_URL in the http://tomcatUrl:port/AppName format.
Note
Configuring JESPA in Kyvos is not certified on AWS, Azure, and GCP clusters.
Connecting to BI tools
To connect Kyvos to a third-party BI tool through SSO, use the URL as: http://tomcatUrl:port/AppName/xmlaKyvosSSO