MicroStrategy ONE

Overview of Authentication Integration and Single Sign-On

With the explosive growth of the number of applications running within a typical business system, companies need ways to efficiently and securely manage user identities across the enterprise. MicroStrategy Web products address this need by supporting the use of an external authentication mechanism to authenticate users (that is, to verify that users are who they say they are), while still using MicroStrategy to authorize those authenticated users (that is, to permit access to a specific resource). This eliminates the need to create a separate set of users for the MicroStrategy application if you already store your user information in an existing external repository. You can also store information about which users have access to the MicroStrategy Web application in that same external user repository.

MicroStrategy Web authentication can be integrated with third-party applications, such as portal server applications or identity management systems, to provide users with a single sign-on experience. MicroStrategy Web has built-in single sign-on support for four portal server applications: Microsoft SharePoint Portal Server, IBM WebSphere Portal Server, Oracle WebLogic Portal Server, and SAP Enterprise Portal Server. You can also provide a single sign-on experience when MicroStrategy Web is used with identity management systems or other portal server products, but you need to create a custom External Security Module to perform the necessary work.

Authentication integration can take many forms. For example, if you traditionally store your user information in an LDAP directory, your users can sign in with LDAP credentials, and Intelligence Server can connect to the LDAP server and perform the authentication in conjunction with LDAP. In the same scenario, if you use an identity management application, such as CA SiteMinder, to provide single sign-on in your enterprise, the authentication process can be customized so that the identity management application works with the LDAP server to perform user authentication. In the first alternative, MicroStrategy performs both authentication and authorization; in the second alternative, MicroStrategy performs only the authorization and the identity management application performs the authentication.

The mechanism normally used to customize the authentication process in MicroStrategy Web products is the External Security Module (ESM). You create a custom ESM that codifies your authentication requirements and logic, and then tell MicroStrategy Web to use it instead of the default ESM. See Customizing Authentication for a detailed explanation of how to create a custom ESM.

The following topics provide a high-level discussion of authentication and single sign-on in a MicroStrategy Web environment:

  • Terms and Concepts

    This topic provides a brief explanation of general terms related to authentication and single sign-on in a MicroStrategy environment.  

  • Session Creation and Management

    This topic discusses the creation and management of MicroStrategy user sessions, which are synonymous with user authentication in a MicroStrategy environment.  

  • Authentication Modes

    This topic discusses the authentication modes that MicroStrategy Web supports out-of-the-box, for use in validating users.  

  • Gathering User Credentials

    This topic describes the different ways that identifying information can be passed to MicroStrategy Web for use in authenticating a user and creating a user session.  

  • Connection Mapping

    This topic describes how to create a link between a MicroStrategy user, a database connection, and a database login.

  • Authentication Workflow

    This topic gives a high-level overview of the default authentication workflows to provide a basis of understanding for customizing authentication.  

  • External Security Module

    This topic describes the External Security Module (ESM) and discusses how it can be used to integrate external security mechanisms and policies into MicroStrategy Web products without having to modify original source code.  

  • Single Sign-On

    This topic describes how single sign-on to MicroStrategy Web can be accomplished, including a discussion of environments that support single sign-on to MicroStrategy Web, as well as single sign-on entry points, prerequisites, and workflow. Descriptions include a discussion of the use of a custom External Security Module (ESM) in custom implementations.  

Detailed information about customizing authentication is provided under Part II of Customizing MicroStrategy Web.