MicroStrategy ONE

Select an Authentication Mode at the Application Level

Starting in MicroStrategy 2021 Update 9, this feature is shipped out-of-the-box.

MicroStrategy 2021 Update 8 introduced the ability to specify different default authentication modes per application as a preview feature.

  1. Edit the following Library server config file:

    MicroStrategyLibrary/WEB-INF/classes/config/configOverrides.properties

  2. Add features.auth.applicationAuthModes.enabled=true.

  3. Restart the Library server.

  4. Enable preview features in Workstation.

You can configure what authentication modes are available for different applications, as well as specify a default authentication mode. After provisioning SAML, OIDC, or LDAP configurations for Library, the Application Editor allows the administrator to choose between using the server level configuration, or specifying which of these authentication modes are available for the application. The administrator can choose between Standard, OIDC, SAML and LDAP.

When the authentication mode in Library is set to "trust", applications cannot be configured to have specific authentication modes, and automatically use "trust", regardless of the selections made in the editor.

Library Web and Mobile Behavior

When using an application URL on Library web, Library mobile, or in the MicroStrategy application, the application’s default authentication dictates the default logging experience and the appearance of the login screen if applicable.

The authentication method used to start a user session through an application URL only influences the login experience. That is, once the user has authenticated and a user session has been created, the user may see or switch to other applications that they have access to and will not need to re-authenticate, regardless of the authentication modes configured in those other applications.

HyperIntelligence Clients

To always prioritize a single sign-on experience for end users, HyperIntelligence clients have special handling for SAML and OIDC. If either SAML or OIDC are enabled in the Library server, Hyper clients default to using one of them, regardless of the authentication methods configured in Applications. If only LDAP and Standard are configured, HyperIntelligence clients follow the default authentication mode configured in the Library server.

HyperIntelligence clients currently do not support application URLs. Say an application URL contains an application ID appended at the end of the default Library URL, as shown below.

https://FQDN/MicroStrategyLibrary/CustomApp?id=659DF5F399614770ACC306BD0BA7AA35

The current behavior is as follows:

  • HyperMobile truncates the custom app URL and removes CustomApp?id=659DF5F399614770ACC306BD0BA7AA35. This means it uses the default MicroStrategy Library URL.

  • HyperIntelligence for Web does not currently support an applications URL.