Add a User SSO profile

By pressing the button at the top of the screen, a new user Single Sign On profile can be created. The same dialog is displayed when editing existing profiles from the user SSO profiles list.

The left-hand side menu shows the available settings sections. Settings are displayed according to the selected section.

General

Name
The distinguishing name of this user SSO profile, which will be displayed anywhere the profile can be used.

Type
Select the type of profile to add. Available options are:

  • AD (Active Directory)
  • Azure
  • GSuite
  • Windows

Depending on the selected server type, different options might be displayed.

The Windows profile type has no additional settings section, and saving will complete the user SSO profile creation / modification.

AD & Windows

Server
Enter the target server address, either as an IP address or a DNS name, according to the previously specified Type.

Domain (available for AD)
Enter the target Active Directory domain to connect to.

Username
Enter a valid username here to connect to the specified server via the specified protocol.

Password
Enter a valid password here to connect to the specified server via the specified protocol.

Info

Username and Password must be the credentials of a user who has enough rights to connect to the target server and browse the destination users directory.

Username authentication only
If enabled, only a username validation is performed rather than a full authentication, anywhere the current profile is used.

Username authentication is useful when the profile is used only for data retrieval and not for authentication. In this way it is possible to retrieve user information by looking up the specified username only, without needing the user password or passing authentication first.

Azure

Info

This is an OAuth profile type. After confirming or saving the settings, the OAuth authentication process to the specified tenant domain will be performed.

Domain
Enter the target Azure tenant domain to connect to.

Username authentication only
If enabled, only a username validation is performed rather than a full authentication, anywhere the current profile is used.

Security enabled groups
If enabled, security groups are queried (groups with the securityEnabled flag set to true).

Request OneDrive tenant access
If enabled, Scanshare will request extra permissions on the tenant to access all tenant users' OneDrive folders via an administrator access token.

This feature is useful when there are workflows scanning to OneDrive for Business. With this option enabled there is no need to create OAuth users, as the global tenant access can be used.

Warning

OneDrive tenant access requires a global Tenant administrator account.

Info

If the Use cloud service server option is enabled, a Sign In With Microsoft button will be displayed on the login page in order to authenticate with the configured profile domain.

GSuite

Info

This is an OAuth profile type. After confirming or saving the settings, the OAuth authentication process to the specified tenant domain will be performed.

Domain
Enter the target Google Workspace domain to connect to.

Username
Enter a Google Workspace administrator, which will be used during the authentication process.

Username authentication only
If enabled, only a username validation is performed rather than a full authentication, anywhere the current profile is used.

Request Drive domain access
If enabled, Scanshare will request extra permissions on the target workspace domain to access all users' Drive folders via an administrator access token.

This feature is useful when there are workflows scanning to Google Drive business accounts. With this option enabled there is no need to create OAuth users, as the domain-wide access can be used.

Warning

Drive domain access requires a global domain administrator account.

Info

If the Use cloud service server option is enabled, a Sign In With Google button will be displayed on the login page in order to authenticate with the configured profile domain.

Server

The Server section shows a table with the browsable users tree of the current target server. It is displayed only when a connection to the target server has been successfully established.

The section allows you to select which user(s), or objects in general (such as groups and security groups), require specific configurations.

It is also possible to search through the objects by using the search function on the upper right side.

The view of the table is very easy and intuitive:

• Chevron
If the current object is a parent object a chevron right icon is displayed in this column. By using the arrow it is possible to open and dynamically browse the children of the current object.

• Name
The display name of the tree object.

• Workflows
The number of workflows assigned to the current object, identified by an icon.

A plus icon is displayed when no workflows are specifically assigned. A green icon with a number is displayed instead when workflows are assigned.

By clicking the icon the assigned workflows can be modified.

Info

By default ALL workflows are visible if no assignment is made.

• DN
The Distinguished Name of the current tree object. This can either be an AD DN or an internal GUID, according to the target users source type.

Also on the top bar, on the right-hand side, are the general object controls.

• Select all
Select all objects available in the list.

• Unselect all
Unselect all objects available in the list.

• Refresh
Refresh the objects list (reload the tree).

Info

When a group is selected, all children and sub-children at any level are treated as selected and use the assigned workflows.

Warning

For authentication purposes there is no need to select objects. Authentication will always validate any valid users against the target users source type (server).
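
The following added example (not part of the Scanshare documentation or product code) models the two rules of this section in Python: workflows assigned to a group apply to its children at any level, and an object with no assignment anywhere above it sees ALL workflows. The tree layout, the DNs and the workflow names are constructed sample data, and letting the nearest assignment win is an assumption, since this page does not state a precedence.

```python
# Added illustration, not Scanshare code. All names and data are constructed.
ALL_WORKFLOWS = frozenset({"Scan to Email", "Scan to Folder", "Scan to OneDrive"})

# DN -> (parent DN or None, workflows explicitly assigned to the object or None)
TREE = {
    "OU=Staff": (None, None),
    "CN=Finance,OU=Staff": ("OU=Staff", {"Scan to Folder"}),
    "CN=alice,CN=Finance,OU=Staff": ("CN=Finance,OU=Staff", None),
    "CN=carol,CN=Finance,OU=Staff": ("CN=Finance,OU=Staff", {"Scan to Email"}),
    "CN=bob,OU=Staff": ("OU=Staff", None),
}


def ancestry(dn, tree):
    """Yield dn, then its parent, grandparent and so on up to the root."""
    seen = set()
    while dn is not None:
        if dn in seen:
            raise ValueError(f"cycle in tree at {dn!r}")
        if dn not in tree:
            raise KeyError(f"unknown object {dn!r}")
        seen.add(dn)
        yield dn
        dn = tree[dn][0]


def effective_workflows(dn, tree, all_workflows=ALL_WORKFLOWS):
    """Return (workflows, source DN); source is None when the default applies."""
    for node in ancestry(dn, tree):
        assigned = tree[node][1]
        if assigned:  # None or an empty set both count as "no assignment"
            # Assumption: the nearest assignment (self, then ancestors) wins.
            return frozenset(assigned), node
    # No assignment on the object or any ancestor: ALL workflows are visible.
    return frozenset(all_workflows), None


def unrestricted(tree):
    """Objects that rely on the default and therefore see every workflow."""
    return sorted(dn for dn in tree if effective_workflows(dn, tree)[1] is None)


if __name__ == "__main__":
    for dn in TREE:
        workflows, source = effective_workflows(dn, TREE)
        print(f"{dn}: {sorted(workflows)} (from {source or 'default: ALL'})")
    print("Unrestricted objects:", unrestricted(TREE))
```

Running unrestricted() over a tree in this shape lists the objects that can reach every workflow only because nothing was assigned to them or to a parent.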

Properties

The Properties section allows you to customize which extra properties to retrieve when the current profile is automatically used during authentication and / or processing.

The settings configured here apply to a target user, when available, during either authentication or the processing of a job coming from an authenticated scan.

Standard properties, when available, are always retrieved by default and don’t need to be configured. Specifically, they are:

  • DN / Id
  • Full Name
  • First Name
  • Last Name
  • Email address
  • Home folder

Properties are grouped into Authentication and Workflow, according to whether they are retrieved for the Accounting module functionalities or during the standard Workflow processing.

Authentication

Info

When any option is configured in this section, new user placeholders will be created in the Users list to hold the imported or generated User ID and / or PIN.

User ID
Enter the data source property to retrieve and set as the User ID accounting property. If the property does not exist or is empty, no User ID will be set for the target user.

Auto generate
If enabled, a numeric User ID of 4 digits is generated automatically for each user marked in the current profile.

PIN
Enter the data source property to retrieve and set as the PIN accounting property. If the property does not exist or is empty, no PIN will be set for the target user.

Auto generate
If enabled, a numeric PIN of 4 digits is generated automatically for each user marked in the current profile.

Workflow

In this section you can add additional custom properties to import from the connected data source for each user.

Use the Add Property button to add a new property, then set the name of the Property and the name of the Variable which will contain the target property, if it exists and is not empty.

Use the red cross delete button to delete an existing property from the list.

Info

The configured properties are automatically imported during the processing of a scan job made by a user authenticated via the current user SSO profile.
