Overview

Overview of Single Sign-On

SSO is a process that allows pre-authenticated users to access GE Digital APM, without having to re-enter their credentials.

The GE Digital APM user logs on initially using a form-based enterprise login screen. SSO is a common procedure in enterprises, where a user logs in once and gains access to different applications without the need to re-enter log-in credentials at each application. SSO authentication facilitates seamless network resource usage. SSO mechanisms vary, depending on application type.

SSO advantages include:

Eliminates credential re-authentication.
Streamlines local and remote application and desktop workflow.
Minimizes phishing.
Improves compliance through a centralized database.
Provides detailed user access reporting.

GE Digital APM supports the following types of authentication for SSO:

Pass-through authentication
Enables the users to enter their Windows credentials in the GE Digital APM login page and GE Digital APM validates the credentials against Active Directory.
Security Assertion Markup Language (SAML) authentication
Enables the users to navigate to the SSO URL (hosted on the APM Application Server) that redirects the browser to a preconfigured URL (not hosted on the APM Application Server), which is the Identity Provider (IDP). If there are multiple databases, and when the user selects a database, the user account is then authenticated and the IDP provides the web browser a token through a cookie. If the token is valid, the user can access GE Digital APM.

About Host Names

Using the Host Names feature, you can:

Enable Single Sign-On (SSO) off-site authentication and SSO on-site authentication.
Filter Data Sources to access the related GE Digital APM database.
Create a unique URL to access GE Digital APM.

When you use a URL to access GE Digital APM, you can access the data sources that are mapped to the host name. For example, if two data sources (data_source1 and data_source2) are associated with a GE Digital APM server, you can create two different URLs (https://data_source1/meridium/index.html and https://data_source2/meridium/index.html) using the host names that are mapped to the data sources. If you log in to GE Digital APM with https://data_source1/meridium/index.html or https://data_source2/meridium/index.html, you can access data_source1 or data_source2, respectively.

In the Host Names page, you can add multiple host names. However, only the host name of the URL with which you have logged in to GE Digital APM is listed.