Skip to main content
System StatusContact Support
VersionOne Community

Single Sign-On

This feature is available in Ultimate edition only.

editions-u.png

The content in this article applies to On-premise VersionOne instances only. If you are an On-Demand (V1 Hosted) customer, see On-Demand (V1 Hosted) System Maintenance.

SAML-based Single Sign-On (Browser SSO) is a security configuration option available in an on-demand or on premise environment. Using SAML, the VersionOne Service Provider integrates with your Identity Provider to authenticate users when accessing VersionOne.  This eliminates the need for separate credentials when accessing the application and gives you full control over authentication, access and more flexibility with password rules for your users.

If your organization already uses SAML-based SSO and you’d like to configure your on-demand VersionOne instance to participate, contact your Account Manager for additional details.

The instructions below describe how to enable SAML-based SSO in an on premise VersionOne instance.

Enabling SSO

  1. Install VersionOne using the default V1 authentication.
  2. Rename the 'admin' username to match the administrator's SSO username.

  3. Add the following to appSettings in user.config (or create a user.config if it doesn't already exist):

    <add key="DelegatedAuthHeader" value="HTTP_USER"/>

    If creating a new user.config file its contents would be:

    <appSettings>
    <add key="DelegatedAuthHeader" value="HTTP_USER"/>
    </appSettings>
    

     

  4. Configure your SSO system to supply the username to VersionOne via HTTP_USER header variable

  5. Configure your SSO system to protect the following VersionOne endpoints

    • /default.aspx

    • /downloadfile.aspx

    • /attachment.img

    • /attachment.v1

    • /export.v1

    • /assetdetail.v1

    • /ui.v1

    • /rest-1.v1

    • /roadmapping.v1

    • /*.mvc

    • /oauth.v1/auth

    • /query.legacy.v1

Several customers have chosen to configure their SSO system to secure the entire VersionOne virtual directory. When choosing this approach, you must disable SSO when installing or upgrading Analytics because that installer relies on two VersionOne endpoints that are not secure in a non-SSO environment.

Once configured, VersionOne will authenticate users based on username supplied in HTTP_USER header variable. An 'Access Denied' message displays to users who do not have a matching username defined in VersionOne.

  • Was this article helpful?