Document toolboxDocument toolbox

SSO Configuration for Windows Authentication

Owned by Sarabjeet Kaur
Last updated: Nov 15, 2023
2 min read

Applies to: Kyvos Enterprise  Kyvos Cloud (SaaS on AWS) Kyvos AWS Marketplace

Kyvos Azure Marketplace   Kyvos GCP Marketplace Kyvos Single Node Installation (Kyvos SNI)

There are mainly two authentication protocols for Windows Authentication, namely NTLM and Kerberos. Kerberos is the default protocol. For some Windows versions, NTLM is used instead.

Kyvos supports Jespa third-party jar files for SSO authentication. It also works on Tomcat on Linux and supports only NTLM protocol.

Prerequisites

For SSO using Windows authentication, the Windows user(s) must be imported into Kyvos.

Jespa configuration

To configure Jespa for Single-sign-on login to the Kyvos Manager using Admin credentials, perform the following steps.

  1. Click Security > Kyvos Authentication.

  2. Select the Single Sign On Configuration checkbox and enter details as:

  3. Click the Validate JESPA Configuration button to verify that the JESPA settings mentioned are correct.

  4. Click Kyvos and Ecosystem > Properties.

  5. On the Properties page, in the kyvosclient.properties, set the value for SYSTEM_AUTH_ENABLED to YES. This will allow users to connect to the Kyvos Web using Windows authentication.

  6. In the olapengine.properties file enter the CLIENT_URL in the http://tomcatUrl:port/AppName format.

Note

Configuring JESPA in Kyvos is not certified on AWS, Azure, and GCP clusters.

Connecting to BI tools

To connect Kyvos to a third-party BI tool through SSO, use the URL as: http://tomcatUrl:port/AppName/xmlaKyvosSSO

Copyright Kyvos, Inc. All rights reserved.