Kyvos Web Portal SSO Configuration

Applies to: Kyvos Enterprise Kyvos Cloud (SaaS on AWS) Kyvos AWS Marketplace

Kyvos Azure Marketplace Kyvos GCP Marketplace Kyvos Single Node Installation (Kyvos SNI)

Single sign-on (SSO) is a framework that enables users to securely authenticate multiple applications and websites using a single set of credentials (username and password). The application, or the website being accessed, relies on a trusted third-party to verify the users.

Kyvos supports external authentication and SSO in addition to its built-in authentication.

Note

This is an optional post-deployment SSO Configuration for Kyvos Web Portal.
From Kyvos 2023.3 onwards, you can see the last performed SSO operation details, including progress status and start time, by clicking the i icon located next to the Revert button. To view more comprehensive details, simply click the View Details link, which will take you to the Operations page, where you can view the operation information in detail.

If SSO is configured in Kyvos through an external authentication, users can use their LDAP credentials to log into the Kyvos Web. The external identity provider (like Okta) authenticates the user against the configured LDAP/AD and redirects them to the Kyvos Web application on successful login. When Kyvos receives a successful authentication (through SAML) response from the identity provider, it fetches the user profile details, like username, user login, password, etc., from the identity provider. These details are added to the user information in the Kyvos session object.

Important

To configure SAML2.0 as an external authentication provider for the Kyvos Web Portal, you must add the following values when creating the application in Identity Provider (IdP) for Single Sign On:

Sign-in redirect URIs: /kyvos/oauthRedirect
Sign-out redirect URIs: /kyvos/#/master/SSOLogout

Kyvos supports the following SSO authentication methods:

Okta using SAML 2.0
Windows Authentication using:
- Waffle
- Jespa