In-App SSO Technical Details

What is Single Sign-on (SSO)?

Single sign-on (SSO) is an authentication method that enables users to securely authenticate with multiple applications by using just one set of credentials.

What functionality does Atrieve’s In-App SSO provide?

Atrieve In-App SSO removes the need for a 2^nd set of credentials for end-users when logging into Atrieve Web.

Can I integrate Atrieve into Azure, Google, or other services for SSO Authentication?

 Yes, in Atrieve 22.02, the following is now supported:

• 3^rd party authentication such as Google or Microsoft Azure

• Multi-factor Authentication with Microsoft and Google Authenticators

What setup and configuration is required for my district to prepare to use In-App SSO?

for LDAPS Authentication:

• Ensure all users have their employee ID entered into their designated field (EmployeeNumber or EmployeeID or Pager for example) in Active Directory. Note, this is a preexisting requirement for LDAP integration.

For SQL User authentication:

• No additional setup is required if your district is using SQL user authentication

What does the In-App SSO process look like? 

What happens if the SSO Authentication Service is down?

If the SSO Authentication Service is down, the user will be unable to sign in to the portal or any related applications. The user will be presented with the following error message:

Service Unavailable 

HTTP Error 503. The service is unavailable

For self-hosted districts to resolve this, restart the applicable Authentication Service application pool in IIS 

1. Launch Internet Information Services Manager on the web server

2. Navigate to Application Pools

3. Right click on authenticationserviceAppPool

4. Select Recycle.

The following message will require the.NET application pool to be recycled.

Logout You are now logged out

Unable to access the Authentication Service authorization endpoint

1. Launch Internet Information Services Manager on web server

2. Navigate to Application Pools.

3. Right click on .NET v4.5 Classic.

4. Select Recycle.

What happens if my .NET Web Portal session expires while I am using Atrieve Web?

Your Atrieve Web session will remain active. Behind the scenes, there is a keep-alive process that happens between Atrieve Web and the .NET Web Portal that maintains the session by keeping it active.

If the session does become inactive, or, the user clicks the Logout button in the .NET Web Portal, the keep-alive process will fire off on its next interval and prompt the user to log back into the .NET web portal. Without being logged into the portal, some features are non-functional such as Document activities (viewing, uploading, etc.).

What happens if I click the Logout button in the .NET Web Portal?

The logout process logs you out of both the application and out of the SSO authentication service.

If you are actively working in an Atrieve Web session and you log out from the .NET Web Portal, you will be logged out of all services. However, your Atrieve Web session will remain active. The keep-alive process (see above) will prompt you to log back into the .NET Web Portal at its next interval. Clicking the logout link within Atrieve Web application will not log you out of the .NET Web Portal session at this time.

Why does it say the “Redirecting you to …” message after I log into the .NET web portal or other applications?

The SSO process is a different application, so there is some redirection of pages, reloading of pages, and validation that can occur. If this process is delayed, the message informs the user that the system is active and that they will be redirected after the processing is complete.