- Getting started
- Host administration
- Organizations
- Authentication and security
- Licensing
- Accounts and roles
- External applications
- Notifications
- Logging
- Troubleshooting
Automation Suite admin guide
Configuring host authentication settings
As a system administrator, you can choose the authentication and related default security settings for your installation. These settings are inherited by all organizations as default.
Automation Suite allows you to configure an external identity provider to control how your users sign in. The following table provides an overview of the different host-level external providers available:
|
External Provider Integration |
Authentication |
Directory Search |
Administrators Provisioning |
|---|---|---|---|
|
Administrators can use SSO with Windows Authentication using the Kerberos protocol |
Administrators can search for users from the Active Directory |
For a user to be able to login, either the user or a group that the user is a member of should already be added to Automation Suite. Active Directory users and groups are available in Automation Suite through directory search. | |
|
Administrators can use SSO with Azure AD using the OpenID Connect protocol |
Not supported |
Users must be manually provisioned into the Automation Suite. with an email address matching their Azure AD account. | |
|
Users can use SSO with Google using the OpenID Connect protocol |
Not supported |
Users must be manually provisioned into the Automation Suite organization with an email address matching their Google account. | |
|
Users can use SSO with any Identity Provider that supports SAML |
Not supported |
Users must be manually provisioned into the Automation Suite organization with a username/email/external provider key (as configured in their external identity provider configuration) matching their SAML account. |
Differences between integrating Azure AD at host-level and organization-level
The host-level Azure AD external identity provider only enables SSO functionality. This means that the user must be manually provisioned into the Automation Suite organization with an email address matching their Azure AD account for them to sign in to the organization.
When organization-level is configured, users that sign in to the organization through Azure AD (SSO) will be automatically provisioned in the Automation Suite. In addition, logged in directory users can search for other users in Azure AD.
