Authentication Options for EMS Web App
Authentication options for the EMS Web App include:
- Integrated Windows Authentication
- LDAP
- Portal Authentication
- SAML Authentication
- EMS Native Authentication
Authentication is controlled by three factors. They all must be configured correctly for the authentication to work:
- Login Credentials – Location where external LDAP/Windows/Portal credentials need to be entered in our software for each user.
- Enabled by – A parameter or checkbox that needs to be enabled for the authentication to work.
- Configuration Page – Where configuration and options are set for the authentication.
Integrated Windows Authentication
Integrated Windows Authentication (IWA) is a built-in Microsoft Internet Information Services (IIS) authentication protocol that can be used to automatically authenticate and sign in a user to EMS Web App. Integrated Windows Authentication works with Microsoft Edge and is best used on intranets where all clients accessing EMS Web App are within a single domain.
- Login Credentials – Network ID / External Reference in web user account settings (either of these works).
- Enabled by – Within IIS on the VEMS site, "Authentication" options, Windows Authentication enabled, Anonymous Authentication disabled.
- Configuration Page – IIS "Authentication" options.
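One way to verify the two IIS settings listed above from PowerShell. This is an added example, not part of the EMS documentation; the path `IIS:\Sites\Default Web Site\VEMS` and the function name `Test-IwaAuthSettings` are assumptions, so substitute the site or application that hosts EMS Web App on your server.

```powershell
# Added example: audit the IIS authentication settings that IWA depends on.
# Run in an elevated session on the web server; requires the IIS management
# module (WebAdministration).
Import-Module WebAdministration

function Test-IwaAuthSettings {
    param(
        # Assumed location of the EMS Web App in IIS; change to match your deployment.
        [string]$SitePath = 'IIS:\Sites\Default Web Site\VEMS'
    )

    $base  = 'system.webServer/security/authentication'
    $state = @{}
    foreach ($scheme in 'windowsAuthentication', 'anonymousAuthentication') {
        # Read the effective "enabled" flag for this scheme at the given path.
        $attr = Get-WebConfigurationProperty -PSPath $SitePath `
            -Filter "$base/$scheme" -Name 'enabled'
        $state[$scheme] = [bool]$attr.Value
    }

    $findings = @()
    if (-not $state['windowsAuthentication']) {
        $findings += 'Windows Authentication is disabled; IWA cannot sign users in.'
    }
    if ($state['anonymousAuthentication']) {
        # With anonymous access on, IIS does not challenge the browser for
        # Windows credentials, so no identity reaches the application.
        $findings += 'Anonymous Authentication is enabled; it must be disabled for IWA.'
    }

    [pscustomobject]@{
        SitePath      = $SitePath
        WindowsAuth   = $state['windowsAuthentication']
        AnonymousAuth = $state['anonymousAuthentication']
        Compliant     = ($findings.Count -eq 0)
        Findings      = $findings
    }
}

# Report the current state; Compliant is True only when Windows Authentication
# is enabled and Anonymous Authentication is disabled.
Test-IwaAuthSettings | Format-List
```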
LDAP
Lightweight Directory Access Protocol (LDAP) is an application protocol for querying directory information. The LDAP Authentication method provides single-sign-on capability using your organization’s LDAP environment and can be used in both intranet and internet deployments of EMS Everyday applications, such as EMS Web App.
- Login Credentials – Network ID / External Reference in web user account settings (This is specified by the "Field Used to Authenticate Web User" on the VEMS/EMS Web App Parameters tab).
- Enabled by – ldapconfiguration.aspx page, "Authenticate users via LDAP?" checkbox (must be logged in with Web Admin security role and have Integrated Authentication in license).
- Configuration Page – ldapconfiguration.aspx page (there are multiple tabs).
- Other Notes – EMS LDAP License is required for this to work. The web server will need access to the directory server for this to work.
Portal
The Portal Authentication method provides EMS Web App single sign-on capability using your organization’s portal (e.g., CAS, Shibboleth, SiteMinder, Plumtree, uPortal, etc.). When a user who is logged into your portal accesses EMS Web App, a predefined user-specific variable (e.g., email address, employee/student ID, network ID, etc.) captured by your portal/sign-on page is compared against corresponding information recorded in the Network ID and/or External Reference fields of your EMS Everyday User records. If a match exists, the Everyday User will be automatically logged in to EMS Web App. See Also: Portal Federated Authentication.
- Login Credentials – Network ID / External Reference in web user account settings (this is specified by the "Field Used to Authenticate Web User" on the VEMS/EMS Web App parameters tab).
- Enabled by – Always enabled; select the appropriate entry from the "Portal Authentication Method" on the VEMS/EMS Web App Parameters page.
- Configuration Page – There are multiple different setup items in the VEMS/EMS Web App parameters under the "Authentication" area.
SAML
As of Update 23 (March 2018), SAML authentication for the EMS Web App is supported through EMS Platform Services. This is now the recommended method for configuring SAML.
- Login Credentials
- Enabled by
- Configuration Page
- Other Notes