Accessing Web Catalog

Mac Lewandowski - Dataedo Team Mac Lewandowski 6th April, 2022
Applies to: Dataedo 10.x versions, Article available also for: 24.x (current), 23.x
You are looking at documentation for an older release.
Switch to the documentation for Dataedo 24.x (current).

Accessing Dataedo Web Catalog

Find out, what are the options for accessing the Dataedo Web Catalog, the differences between them, and how to configure options.

If you are not using Active Directory login method, you should disable it through settings to ensure security as it is common that default environment is available already, and that can lead to giving everyone who has an AD account an access to the Web Catalog. If you are using Active Directory, you may want to remove or limit permissions assigned to default groups.

Login options in Dataedo Web Catalog

Through System settings in the Web Catalog, you can set allowed login methods. This configuration is the main firewall and overwrites any further configurations. For instance, even if you have SSO configured, when it is disabled above it won't be available to your Users.

Login methods

Based on the above settings the login form can change slightly.

Login

Auth flow

Auth flow is different for a different methods. Starting from version 10.2, the authorization is done with Permissions in Dataedo Web Catalog.

Auth flow

Please note, that checking if login is in the User Group for SQL Server is in fact, checking if login belongs to the user, who is in the Users Group (since for SQL Server login and user are not always the same).

Account creation flow

When a user completes authentication and initial authorization flow, but his account does not exist in dbo.licenses (the user logs in for the first time and didn’t previously have any explicit permissions assinged), then the row is added and the user is granted access to Dataedo Web Catalog, based on default groups.

Please ensure that the default group setting is set correctly, as the default group is assigned to EVERY new user, who is authorized with any enabled login option. For instance, if the newcomer is granted an AD account, and the AD login option is enabled, then the newcomer with being granted all default groups upon the first login. This is a very useful feature for scaling purposes but can be potentially harmful if not configured correctly.

Find out more details in the Users management article.

Single session mechanism

In the Dataedo Web Catalog, following security guidelines, we implemented a single session mechanism. It means one user can access Dataedo Web Catalog only from one device at once. Upon login on a new device, all older sessions are closed.

Please note that even if you are using Dataedo Web Catalog through two browsers on one device - they will still require two sessions - so login in the new browser will end your session in the other browser.