SSO Client authentication with Groups

See KB article on how to configure Single Sign On (SSO) with PassagePoint Client AD Authentication

To configure Single Sign On (SSO) with Groups, PassagePoint must be on build version 6438 or higher.

To find your build version:

1) Log in to PassagePoint with admin
2) Navigate to home > configure system > product licenses; the build version is the last 4 numbers

For new User Accounts created using the “AD LDAP Login” feature, PassagePoint assigns the User Role based on the AD Group the person belongs to, instead of assigning a fixed User Role. For example, if the user is from the Admin Group, then when PassagePoint creates the User Account for this user it should assign the Admin User Role; in the same way, if the user is from the Reception Group, PassagePoint should assign the Reception User Role.

In the Authentication rules >> click "add" at the bottom >> enter the group name and the user role you want to assign it to.



- Group Name (text field): the Group Name should be the same as the name of the "member of" in AD.

After running through the KB, navigate to Exit PassagePoint >> log back in with admin >> home > configure system > Global settings >> check "Enable AD LDAP" >> click "Save" 



PassagePoint services is required after configuring.


If an Active Directory Authentication rule is configured (with the “Map AD Group with User Role” setting configured) and the “AD LDAP Login” setting is enabled, then when a user logs in to a Windows machine and clicks the PassagePoint icon:

PassagePoint verifies the Active Directory username of the logged-in Windows user against the configured Active Directory.
If the username is found in Active Directory, PassagePoint looks up the AD Group ("member of" in AD) of that logged-in user.

If the user's AD Group matches an AD Group defined in the Authentication Rule and the logged-in user does not exist in the PassagePoint system, PassagePoint creates the User Account for the logged-in user with the User Role defined for that particular AD Group.

If the User Account already exists, PassagePoint will not make any change to the User Account and will use the existing User Role for that account.

If the user's AD Group does not match any of the AD Groups defined in the Authentication Rule, PassagePoint will create the User Account for the logged-in user, if it does not already exist, with the User Role defined in the “AD LDAP Login” Global Setting.
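The role-assignment flow above, modelled as an added Python example (not PassagePoint code), together with an audit that lists existing accounts whose stored User Role differs from what the rules would assign today, which can happen because existing accounts are never changed at login. The users, group and role names, the default role "Standard", and "first matching rule wins" are assumptions; the page does not say how several matching groups are resolved or what happens when the username is not found in AD.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data (not from a real deployment).
RULES = [("Admin", "Admin"), ("Reception", "Reception")]  # (AD group, User Role)
DEFAULT_ROLE = "Standard"        # role set in the "AD LDAP Login" Global Setting
DIRECTORY = {                    # AD username -> "member of" groups
    "alice": ["Domain Users", "Admin"],
    "bob": ["Reception"],
    "carol": ["Domain Users"],
    "dave": ["Reception"],       # was in Admin when his account was created
}
ACCOUNTS = {"dave": "Admin"}     # existing PassagePoint accounts -> stored role


@dataclass
class Decision:
    action: str                  # "no_ad_user", "keep" or "create"
    role: Optional[str]


def role_from_rules(groups, rules, default_role):
    """Role the Authentication Rules give for these groups, else the default."""
    for group_name, role in rules:   # assumption: first matching rule wins
        if group_name in groups:
            return role
    return default_role


def resolve_login(username, directory, rules, default_role, accounts):
    """Outcome of one SSO login, following the flow described on this page."""
    if username not in directory:
        return Decision("no_ad_user", None)      # behaviour not stated on the page
    if username in accounts:
        return Decision("keep", accounts[username])  # existing role is never changed
    return Decision("create", role_from_rules(directory[username], rules, default_role))


def audit_role_drift(directory, rules, default_role, accounts):
    """List (user, stored_role, role_rules_would_assign_now) where they differ."""
    findings = []
    for user, stored in sorted(accounts.items()):
        if user not in directory:
            continue                             # local-only account, out of scope here
        expected = role_from_rules(directory[user], rules, default_role)
        if expected != stored:
            findings.append((user, stored, expected))
    return findings


if __name__ == "__main__":
    for name in ("alice", "bob", "carol", "dave"):
        print(name, resolve_login(name, DIRECTORY, RULES, DEFAULT_ROLE, ACCOUNTS))
    print(audit_role_drift(DIRECTORY, RULES, DEFAULT_ROLE, ACCOUNTS))
```

Every account the audit lists has to be corrected inside PassagePoint, because changing the user's AD group membership alone does not change the role of an account that already exists.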


