Bpm’online offers additional options for managing user accounts for enterprises with a high user count or additional security requirements. The following options ensure consistency between user accounts in bpm’online and the enterprise’s other systems and services, and let users use a single set of login credentials across those services:
With single sign-on, users need to log in only once to be authorized in the multiple services that they are supposed to access. User authentication is processed by a secure third-party identity provider, with no need to manage passwords for every single user in bpm’online. During the first login attempt, if the user account has not been created previously, the just-in-time provisioning mechanism automatically creates the corresponding bpm’online user account with the proper data from the identity provider, such as user group, employee name, contact information, etc.
Bpm’online can integrate with any identity provider that supports the SAML 2.0 protocol. This guide contains instructions on how to set up SSO with two popular identity providers: ADFS and OneLogin.
An LDAP directory service can act as a single, authoritative user registry for thousands of users. Integrating with LDAP enables you to:
• Pick up user roles and structure directly from your corporate Active Directory (AD).
• Enable users to log in to bpm’online with their domain credentials: LDAP compares them with the username and password details stored in the Active Directory.
Windows authentication lets authorized Windows domain users log in to bpm’online without having to enter a login and password. A user’s identity is verified by comparing the current user’s domain credentials with the credentials of the corresponding bpm’online or LDAP user.