Skedler Single sign-on with OpenId and Azure Active Directory

Skedler supports security plugins like X-pack, open distro, search guard, Nginx, and security onion. Now our latest version of Skedler v4.12 supports SSO with OpenId Connect and Azure AD

What is SSO in Azure AD:

Single sign-on (SSO) adds security and convenience when users sign-on to applications in Azure Active Directory (Azure AD). This article describes the single sign-on methods and helps you choose the most appropriate SSO method when configuring Skedler application.

• With single sign-on, users sign in once with one account to access domain-joined devices, company resources, software as a service (SaaS) applications, and web applications. After signing in, the user can launch applications from the Office 365 portal or the Azure AD MyApps access panel. Administrators can centralize user account management, and automatically add or remove user access to applications based on group membership.
• Without single sign-on, users must remember application-specific passwords and sign in to each application. IT staff needs to create and update user accounts for each application such as Office 365, Box, and Salesforce. Users need to remember their passwords, plus spend the time to sign in to each application.

Choosing a single sign-on authentication method in Skedler V4.12:

There are several ways to configure Skedler application with a security plugin but we choose open distro security plugin because Open Distro for Elasticsearch gives you a comprehensive set of features to help you keep your data secure and stay compliant with regulations such as GDPR, HIPAA, PCI, and ISO. Whether you want to encrypt data-in-transit, authenticate users against Active Directory, use Kerberos or JSON web tokens for single sign-on (SSO), or monitor and log any malicious access attempts, Open Distro for Elasticsearch has you covered.

On-premises applications can use password-based, Integrated Windows Authentication, header-based, linked, or disabled methods for single sign-on.

Password-based SSO:

With password-based sign-on, users sign on to the application with a username and password the first time they access it. After the first sign-on, Azure AD supplies the username and password to the application.

Password-based single sign-on uses the existing authentication process provided by the application. When you enable password single sign-on for an application, Azure AD collects and securely stores usernames and passwords for the application. User credentials are stored in an encrypted state in the directory.