The Inner Range Enterprise Solution, powered by Integriti, supports Single Sign-On (SSO) authentication for software operators. This allows operator authentication to be managed by an external authentication service to centralize operator credentials across multiple systems.
Integriti supports integration with the following external authentication systems:
Windows Active Directory (AD): This allows operators to be authenticated against a Windows Active Directory domain, allowing Windows credentials to be used to log into an Integriti system. Operator credentials can be authenticated against either the current, or a manually specified alternative Active Directory domain, depending on the system’s requirements.
OAuth Authentication: This allows operators to be authenticated against a compatible OAuth authentication server. This includes both Okta and Azure AD, however, should be compatible with any OAuth system that supports the OAuth Password Credential Flow. OAuth authentication requires Integriti v21.1 or later.
Note: Azure AD integration for SSO is only supported when the customer is using "Azure Enterprise" (Azure Enterprise uses Azure AD, but not all Azure AD uses Azure Enterprise). Integriti only works Enterprise Azure AD configurations (with the necessary options configured), any other types of Azure AD do not support the authentication mode Integriti uses for the OAuth logic.
Note: Integriti uses the Microsoft Graph API to communicate with Azure AD (not SCIM). Integriti uses Open ID Connect when connecting to OAuth SSO (not a SAML token).
For more details on exactly which Azure AD configurations are supported: click here
OAuth and AD authentication login with Integriti
OAuth and AD authentication works regardless of how the operator logs into system. Inner Range have explicitly tested against the Integriti System Designer and GateKeeper thick clients, as well as the Integriti web interface.
As opposed to the thick clients, the Integriti web interface does not support logging in as the "Current Windows User", rather the AD username and password will need to be manually entered.
Active Directory
Integriti supports integration with Active Directory for operator Single Sign-On (SSO). Using SSO integration, Integriti operators are not required to enter an Integriti login username and password as their credentials will be validated with Active Directory, based on their Windows login. The Single Sign-On authentication delivers fast and efficient use of the Integriti application.
As a further benefit, Active Directory can provide comprehensive password management, including adherence to any global password policies that may have been deployed by the organization.
Active Directory integration is included with Integriti Business and Corporate Edition.
For more information on how Single Sign On can help empower the use of your Inner Ra
nge system please contact your local Inner Range sales representative.
