Mac Lewandowski
Accessing Dataedo Portal
Find out, what are the options for accessing the Dataedo Portal, the differences between them, and how to configure options.
If you are not using Active Directory login method, you should disable it through settings to ensure security as it is common that default environment is available already, and that can lead to giving everyone who has an AD account an access to the Dataedo Portal. If you are using Active Directory, you may want to remove or limit permissions assigned to default groups.
Login options in Dataedo Portal
Through System settings in the Dataedo Portal, you can set allowed login methods. This configuration is the main firewall and overwrites any further configurations. For instance, even if you have SSO configured, when it is disabled above it won't be available to your Users.
Based on the above settings the login form can change slightly.
Auth flow
Auth flow is different for a different methods. Starting from version 10.2, the authorization is done with Permissions in Dataedo Portal.
Please note, that checking if login is in the User Group for SQL Server is in fact, checking if login belongs to the user, who is in the Users Group (since for SQL Server login and user are not always the same).
Account creation flow
When a user completes authentication and initial authorization flow, but his account does not exist in dbo.licenses (the user logs in for the first time and didn’t previously have any explicit permissions assinged), then the row is added and the user is granted access to Dataedo Portal, based on default groups.
Please ensure that the default group setting is set correctly, as the default group is assigned to EVERY new user, who is authorized with any enabled login option. For instance, if the newcomer is granted an AD account, and the AD login option is enabled, then the newcomer with being granted all default groups upon the first login. This is a very useful feature for scaling purposes but can be potentially harmful if not configured correctly.
Find out more details in the Users management article.
Single session mechanism
In the Dataedo Portal, following security guidelines, we implemented a single session mechanism. It means one user can access Dataedo Portal only from one device at once. Upon login on a new device, all older sessions are closed.
Please note that even if you are using Dataedo Portal through two browsers on one device - they will still require two sessions - so login in the new browser will end your session in the other browser.