SAML 2.0 authentication with Analysis Services and XLCubedWeb
Interested in exciting thought leadership and revenue insights?
Sign up for the Fluence newsletter.
With the upcoming maintenance release of V9.2 we are introducing support for Single sign-on in XLCubedWeb, this can be configured to use any SAML 2.0 identity provider and provides some useful functionality for integrated user-level data access in Analysis Services.
For the moment Analysis Services only supports windows-based authentication, and many of our customers are using single-sign on providers to authenticate users and provide application access. As part of our single-sign on solution we give the ability to define the Analysis Services access level for the users in the identity provider (or via a custom SQL lookup if access level mapping is stored outside of the provider).
This allows customers to setup SSO and still allow different users to have different access to different cube levels. To do this XLCubed makes use of the “EffectiveUser” and “Roles” connection properties, these properties allow the connection to run as a particular user or in the context of a cube-define role.
The following gives an overview of the process when using role mappings stored in the identity provider:
Or if using SQL to provide the user to role mapping:
We will also look at a practical example of setting up single sign with role mapping in a future blog