Kyvos SSO Authentication Types

Applies to: Kyvos Enterprise, Kyvos Cloud (SaaS on AWS), Kyvos AWS Marketplace, Kyvos Azure Marketplace, Kyvos GCP Marketplace, Kyvos Single Node Installation (Kyvos SNI)


Single sign-on (SSO) is a framework that allows users to securely access multiple applications and websites with just one set of login credentials.

Kyvos supports external authentication and SSO in addition to its built-in authentication. 

If SSO is configured in Kyvos through external authentication, users can log in to Kyvos Web with their LDAP credentials. The external identity provider (such as Okta) authenticates the user against the configured LDAP/AD and, on successful login, redirects them to the Kyvos Web application.

Kyvos supports the following SSO Authentication methods:

  • Okta using SAML 2.0

  • Windows Authentication using Jespa

Web-based SSO for Kyvos Web Portal and Kyvos Manager

Kyvos supports the following web-based SSO types, allowing you to log in to the Kyvos web portal.

In addition, Kyvos supports Windows Authentication for both Kyvos Web Portal and Kyvos Manager.

OpenID Connect (OIDC) based authentication

OpenID Connect (OIDC) is an authentication protocol that verifies a user's identity when the user tries to access a protected Hypertext Transfer Protocol Secure (HTTPS) endpoint. OIDC was developed to work together with open authorization (OAuth) by providing an authentication layer on top of the authorization layer provided by OAuth. You can configure any OIDC authentication provider, such as Okta or Azure AD, in Kyvos.

SAML 2.0 based authentication

Kyvos supports federated SSO via the SAML 2.0 protocol. SAML allows a user to authenticate to one system and gain access to another system by providing proof of that authentication. SAML represents identity data using an XML token and transfers it using HTTP. In Kyvos, you can use any SAML 2.0 authentication provider, such as Okta or Azure AD.

Certificate-based authentication

Certificate-based authentication relies on a handshake between server and client certificates, so there is no need to provide credentials to log in to the Kyvos web portal.

Host Application based authentication

The host application acts as a proxy and is placed between the Kyvos web client and the user. Kyvos uses the authentication details provided by the authentication proxy application to log in to the Kyvos web application.

Windows Authentication (Supports both Web and BI tools connectivity)

Windows authentication is a form of authentication that uses the username and password of a Windows account to verify the identity of an application or service. It requires Windows users to be imported into the Kyvos user repository. Kyvos supports NTLM-based Windows authentication.

SSO Authentications for BI tools

Kyvos supports the following types of authentication from BI tools such as Tableau, Power BI, MicroStrategy, and Excel.

Windows NTLM Authentication

To use Windows SSO Authentication (NTLM) in BI tools, you must configure it in Kyvos and use it from BI tools that support Windows authentication.

Kyvos Windows authentication (NTLM) works with the BI tools below using the XMLA protocol.

  1. For tools like Tableau, Kyvos Excelerate (Excel plugin), Excel, SSRS, and MicroStrategy, you can use the Microsoft Analysis connector to connect to Kyvos semantic models.

  2. For Power BI, you can use the Microsoft Analysis connector to connect Kyvos semantic models to Power BI. It uses DAX as the query language.

Windows Kerberos Authentication

Kyvos supports Windows Authentication (Kerberos) in BI tools that support Kerberos authentication. In Tableau, MicroStrategy, and Power BI, you can connect to Kyvos semantic models using the Spark SQL connector, which allows you to connect using Kerberos authentication.

| Authentication type           | Kyvos Web portal access | BI tools connectivity              |
|-------------------------------|-------------------------|------------------------------------|
| SAML 2.0 based                | Yes                     | No                                 |
| Host Application based        | Yes                     | No                                 |
| Certificate based             | Yes                     | No                                 |
| OIDC based                    | Yes                     | No                                 |
| Windows Authentication (NTLM) | Yes                     | Yes, using the XMLA protocol       |
| Kerberos Authentication       | No                      | Yes, using the Spark SQL connector |


Copyright Kyvos, Inc. 2025. All rights reserved.