Configuring authentication for Self Service Portal users
Introduced in 2024.2
The Authentication page under Apps and Portals > Self Service Portal in the Admin Center lets you manage how users sign in to the Self Service Portal. The authentication options on this page depend on the authentication method that was selected for the Self Service Portal instance on the server side, during the configuration.
IMPORTANT: Saving changes on this page restarts the Web App, disconnecting active sessions and risking unsaved data loss. To reduce disruption, apply changes after hours and notify users beforehand.
Password Authentication
Enable or disable password-based sign-in by toggling the Allow password authentication option. You can relay on password authentication alone or combine it with single sign-on (SSO).
IMPORTANT: For this option to work, password authentication must also be allowed in SSP customer accounts.
SSO/LDAP Authentication
Single Sign-On (SSO) and Lightweight Directory Access Protocol (LDAP) allow you to integrate your Self Service Portal with external services, such as identity providers (e.g., Microsoft 365, Okta, Google) and LDAP domains (e.g., Microsoft Active Directory, JumpCloud, AWS Directory Service). This integration enables users to sign in seamlessly using their existing organizational credentials. Additionally, you can eliminate the need to duplicate user accounts in Alloy Navigator Express and allow users to sign in without SSP Customer accounts.
SSO Providers
To enable SSO authentication for Self Service Portal users, select the checkbox for desired SSO providers. These providers must already be configured in Alloy Navigator Express as SSO Provider records. For details, see Managing single sign-on (SSO) providers.
To allow users to sign in via SSO without accounts in Alloy Navigator Express, turn on the toggle under Allow sign-in without SSP accounts for the relevant providers. When this option is active, Alloy Navigator Express automatically creates active Person records for new users upon their first sign-in, following the workflow action specified under Create Persons using this Action below.
Domains
To enable LDAP authentication for Self Service Portal users, create a corresponding Domain record and provide the necessary connection parameters as described in Managing Domain Credentials. Once these records are created, they will appear on this page in the Domains list.
NOTE: LDAP authentication requires users to enter their login name as DOMAIN\username.
To allow users to sign in via LDAP without accounts in Alloy Navigator Express, enable the Allow sign-in without SSP accounts toggle for the relevant domains. When this option is active, Alloy Navigator Express automatically creates Person records for new users upon their first sign-in, following the workflow action specified under Create Persons using this Action below.