Web SSO authentication

SSO (Single-Sign-On) is a method by which users can login to one service (identity provider) and automatically be granted access to other services (service provider) without the need to login separately to these other services. An example of this would be logging into Google Apps and automatically be granted access to your MFT Server account without the need for a separate login. Google Apps would serve as the identity provider and your MFT Server instance as the service provider.

 

MFT Server provides support for web based SSO using SAML, OpenID and OpenID Connect compliant identity providers.  Please consult the documentation of your identity provider for details on how to enable/configure SSO.

 

Note: Microsoft Entra ID SAML toolkit and OPENID are not supported in a JSCAPE SaaS environment

 

Login URL

 

To perform a web SSO login use the following URL format:

 

https://[hostname]/sso/[domainname]/login

 

For example, if your hostname is 1.2.3.4 and your domain is mydomain this URL would look as follows:

 

https://1.2.3.4/sso/mydomain/login

 

If you have already authenticated with your identity provider then you will be automatically logged into MFT Server. If not, then you will be redirected to the Sign-in URL for your identity provider.  After authenticating with your identity provider you will be automatically logged into MFT Server.

 

Note:

 

SSO applies only to web based sessions.  Other protocols (FTP/S, SFTP, WebDAV, AFTP etc.) will authenticate users using the defined authentication service for the domain.

 

Note:

 

When configuring Web SSO for any Service type, you have the option to allow the system to create a user account if it does not exist - for the new user logging in. The field that determines if a user account is created is named Create user if not found using template <Template Name>. If this field is checked, you must consider whether you will allow a secure or non-secure connection, which is determined by a field in the Template specified. The field is named Require secured connection. When checked (for new templates, it is checked by default), only connections using HTTPS are allowed. See the images below.

 

YourDomain > ACCOUNTS > Authentication > Web SSO

 

 

YourDomain > ACCOUNTS > Users > Templates