How Single Sign-on Works

Whenever a user attempts to log in to the GigaVUE‑FM user interface, GigaVUE‑FM checks whether the user is logging in through the internal IdP or through an external IdP (the organization's IdP). The sign-in process differs depending on which IdP is in use. Refer to the following sections for details:

GigaVUE‑FM Configured with Internal IdP

If GigaVUE‑FM is configured with internal IdP:

  1. GigaVUE‑FM sends a request to Shibboleth for authentication.

Note: GigaVUE‑FM's custom certificate and service provider certificate are the same. To install a custom certificate, refer to the Trust Store section for more details.

  2. Shibboleth reads and verifies the Authentication Type setting in GigaVUE‑FM and performs the authentication and authorization:
  • If a user group is configured and it is a valid user group, then the user is allowed to log in to the GigaVUE‑FM user interface.
  • If the user group is not configured:
    • If a default user group is configured in GigaVUE‑FM, then the user is allowed to log in to the GigaVUE‑FM user interface using the default user group.
    • If a default user group is not configured in GigaVUE‑FM, then the user is not allowed to log in to the GigaVUE‑FM user interface.

Refer to the following flow diagram for the detailed flow of the internal IdP process:

GigaVUE‑FM Configured with External IdP

If GigaVUE‑FM is configured with external IdP:

  1. GigaVUE‑FM sends a request to the external organization IdP for authentication and authorization.

Note: ADFS is the only qualified external IdP.

  2. Authentication and authorization take place at the external IdP. Once authentication succeeds, the external IdP sends the logged-in user along with the user's group:
    • If the user group is configured in the external IdP and mapped appropriately to the corresponding user group in GigaVUE‑FM:
      • If the user group is a valid group, then the user is able to log in to the GigaVUE‑FM user interface.
      • If the user group is not a valid user group, GigaVUE‑FM determines whether a default user group is configured:
        • If a default user group is configured, then the user can log in to the GigaVUE‑FM user interface.
        • If a default user group is not configured, then the user cannot log in to the GigaVUE‑FM user interface.

Note: If the external IdP is not configured with GigaVUE‑FM-specific user groups, you must enable Organizational Group Mapping and configure the mapping between the organization-specific role/group and the GigaVUE‑FM-specific user group. The user is then allowed to log in to the GigaVUE‑FM interface based on that mapping.

Refer to the following flow diagram for the detailed flow of the external IdP process:

Refer to the Authentication Type section for more details about the authentication types.
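The group-resolution decision described in both sections above (valid group, else default group, else deny), modelled as an added example; this is illustrative code, not GigaVUE‑FM's implementation, and the class, function and group names are assumptions. It also covers the Organizational Group Mapping case, where the IdP asserts an organization role that must be translated to a GigaVUE‑FM user group before the check.

```python
"""Added example: how an SP like GigaVUE-FM decides the effective user group
after the IdP has authenticated the user. Names and structure are assumptions."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class FmSsoConfig:
    # GigaVUE-FM user groups that exist and are permitted to log in
    valid_user_groups: Set[str]
    # Optional default group applied when no valid group is asserted
    default_user_group: Optional[str] = None
    # Organizational Group Mapping: organization role/group -> FM user group.
    # Empty dict = mapping disabled (IdP already asserts FM-specific groups).
    org_group_mapping: Dict[str, str] = field(default_factory=dict)


def resolve_user_group(asserted_groups: List[str], cfg: FmSsoConfig) -> Optional[str]:
    """Return the effective GigaVUE-FM user group, or None to deny the login."""
    for group in asserted_groups:
        # Translate an organization role via the mapping if one exists,
        # otherwise treat the asserted value as an FM group name.
        fm_group = cfg.org_group_mapping.get(group, group)
        if fm_group in cfg.valid_user_groups:
            return fm_group
    # No valid group was asserted (missing, unmapped or unknown):
    # fall back to the default group only if the administrator configured one.
    return cfg.default_user_group  # None when no default -> deny (fail closed)


def decide_login(user: str, asserted_groups: List[str], cfg: FmSsoConfig) -> Tuple[bool, str]:
    """Produce an auditable (allowed, reason) pair for the SSO decision log."""
    group = resolve_user_group(asserted_groups, cfg)
    if group is None:
        return False, f"deny user={user}: no valid group in {asserted_groups} and no default group"
    if group == cfg.default_user_group and not any(
        cfg.org_group_mapping.get(g, g) in cfg.valid_user_groups for g in asserted_groups
    ):
        return True, f"allow user={user}: default group {group} (no valid group asserted)"
    return True, f"allow user={user}: group {group}"


if __name__ == "__main__":
    # Constructed sample configuration and assertions, not real data
    cfg = FmSsoConfig({"fm_admin", "fm_operator"}, "fm_operator", {"CN=NetOps": "fm_admin"})
    for user, groups in [("alice", ["CN=NetOps"]), ("bob", ["CN=HR"]), ("carol", [])]:
        print(decide_login(user, groups, cfg))
```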