Sign in

External authentication

1 min read

External authentication functionality is an Aras DevOps feature available for Aras Enterprise customers working with containerized deployments.

This functionality enables customers to configure Aras Innovator instances to allow single sign-on using an external identity provider.

Each external authentication consists of two steps:

  1. External authentication in the external identity provider.
  2. Process the result of external identity provider logins by mapping an external user to the Aras Innovator user. Each external authentication has its own user format, so it is important that the user mapper can handle any user format. The Generic User Mapper plugin is flexible in mapping an external user to an Aras Innovator user for multiple authentication types.

Configuring authentication plugins for each step is necessary for single sign-on using external authentication to Aras Innovator.

The following steps outline the high-level process of external authentication configuration:

  1. Configure the external identity provider (e.g., add application registry).
  2. Add Transformation for external authentication plugin (e.g., Aras.OAuth.Server.Plugins.Saml2Authentication plugin) and for user mapper plugin (e.g., using Aras.OAuth.Server.Plugins.GenericUserMapper plugin).
  3. Run the CI Pipeline and deploy it.
  4. Create a user that corresponds to mapping.
  5. Configure access to the external identity provider (e.g., DNS settings).