User management in Sigrid

When managing user access to Sigrid we need to consider both Authentication (can you enter?) and Authorisation (what can you see?).

Sigrid offers two ways of managing Authentication and one type of Authorisation.

This page describes the options and the technical setup.

Authentication mechanisms

1. Using the Sigrid user management module

With this module, a Sigrid administrator can perform all the basic authentication tasks out of the box.

Note

Sigrid administrator tasks

Setup customer side

2. Using Single Sign On (SSO) with an Identity Management Provider (IdP)

When Sigrid is linked to your SSO the user provisioning is done by the IdP. Sigrid supports SAML or OpenID Connect protocols.

Note

Sigrid administrator tasks

Setup on client side

Create an Enterprise application ‘app’ in your IdP with the following details:

With the following Attributes & Claims:

Your user Namespace + SAML attribute name as expected by Sigrid
user email http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
user last name http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
user first name http://schemas.xmlsoap.org/ws/2005/05/identity/claims/given_name
unique user identifier emailaddress

Other

Then assign groups of users to your Authentication app.

Example Active Directory

Example OneLogin

Please see the separate OneLogin page.

Info to provide to SIG

Provide SIG with the ‘App federation MetadataURL’ of your authentication app. The information will include your app’s identifier, redirectURL etc.

Deliverables

SIG will setup SSO for you. You will have your own customer-specific URL Sigrid. https://customername.sigrid-says.com

Authorisation in Sigrid

The product team is actively developing the user management pages to cater to more use cases. At the moment the user manages the following functions.

Two types of users

Sigrid has two types of users, the normal users that have access to a list of 1 to all systems and the Sigrid administrators that can edit all the users including other administrators.

System level access

An administrator can specify on system level the access any user in the portfolio has. In order to make the authorisation easier, filters can be applied on teams or divisions to allow for bulk assignments.

Passwords

The administrator can help users by resending a forgotten password or the initial temporary password. When a user has confirmed their password, they can request a new password themselves

Contact and support

Feel free to contact SIG’s support department for any questions or issues you may have after reading this document, or when using Sigrid or Sigrid CI. Users in Europe can also contact us by phone at +31 20 314 0953.