Cloud integrations of Intuitive can hand user logins off to several types of external authentication apps.
This is a powerful way of reusing your pre-existing security framework while leaving users with a single logon to remember.
Currently, Intuitive is able to use the authentication methods for Office 365, Gmail and Okta.
Each of these providers has its own guide for creating the web app, but for each method, all we need is the Client ID and Client Secret.
The links can be found below, but for more up-to-date guidance, please contact your vendor for additional third-party documentation.
GMAIL
https://developers.google.com/identity/sign-in/web/sign-in
OKTA
https://developer.okta.com/docs/guides/find-your-app-credentials/main/
OFFICE 365
https://learn.microsoft.com/en-us/partner-center/marketplace-offers/create-or-update-client-ids-and-secrets
Once you’ve created your integration, you may only need to send Intuitive the Client ID and Client Secret. In some cases, additional information may be required.
With that information sent over, Intuitive will add it to your cloud service as part of the Azure provisioning. After being granted access to the pod, you can create user accounts with the External authentication method.
The first time you log in, you will need to use the internal Intuitive accounts, but these can be deleted later.
Creating new users or editing existing ones is very straightforward and follows the existing procedure for any new account.
Opening the Users page, let’s create a new user with an External authentication provider. At the top, we need only select the option for “External”.
You’ll notice that the number of fields has now been reduced. This is because the account no longer needs a password.
For both the username and email fields, use the email address of the external user who wishes to sign in.
The rest of the fields are for you to configure, but a regular dashboard viewer with access to the suite of dashboards looks something like this.
You can edit existing users that were previously 2FA / internal accounts and change them to external accounts. You’ll want to ensure that the email address specified is unique and is not used by any other user, as otherwise they won’t be able to sign in.
Lastly, once your users have been set up, you may want to delete the in-built Intuitive accounts of 'admin' and 'useradmin'. Before doing so, please ensure that you have at least one external-authenticated account that has the Administrator role, and another account as a User Administrator. Additionally, please prepare a contingency plan in case either of those two accounts is disabled, deleted or reset in your environment.