MicroStrategy ONE

Select an Authentication Mode at the Application Level

Starting in MicroStrategy 2021 Update 9, this feature is shipped out-of-the-box.

MicroStrategy 2021 Update 8 introduced the ability to specify different default authentication modes per application as a preview feature.

  1. Edit the following Library server config file:

    MicroStrategyLibrary/WEB-INF/classes/config/configOverrides.properties

  2. Add features.auth.applicationAuthModes.enabled=true.

  3. Restart the Library server.

  4. Enable preview features in Workstation.

You can configure which authentication modes are available for different applications and specify a default authentication mode. After provisioning SAML, OIDC, or LDAP configurations for Library, the Application Editor allows the administrator to choose between using the server-level configuration, or specifying which of these authentication modes are available for the application. The administrator can choose between Standard, OIDC, SAML, and LDAP.

Select the Application's Authentication Modes

  1. Open the Workstation window with the Navigation pane in smart mode.

  2. In the Navigation pane, click Applications. Authentication modes are listed for each application.

  3. Create or edit an application.

  4. Select the authentication modes. If you select Choose Specific Authentication Modes for the App, choose the authentication modes to use.

  5. To define an authentication mode as the default, hover your cursor over the mode and click Set As Default.

When the authentication mode in Library is set to "trust", applications cannot be configured to have specific authentication modes, and instead automatically use "trust", regardless of the selections made in the editor.

Library Web and Mobile Behavior

When using an application URL in Library web or Library mobile, the application’s default authentication dictates the default login experience and the appearance of the login screen, if applicable.

The authentication method used to start a user session through an application URL only influences the login experience. That is, once the user has authenticated and a user session has been created, the user may see or switch to other applications that they have access to and will not need to re-authenticate, regardless of the authentication modes configured in those other applications.

HyperIntelligence Clients

To always prioritize a single sign-on experience for end users, HyperIntelligence clients have special handling for SAML and OIDC. If SAML or OIDC is enabled in the Library server, Hyper clients default to using SAML or OIDC, regardless of the authentication methods configured in Applications. If only LDAP and Standard are configured, HyperIntelligence clients follow the default authentication mode configured in the Library server.

HyperIntelligence clients currently do not support application URLs. An application URL can contain an application ID appended at the end of the default Library URL, as shown below.

https://FQDN/MicroStrategyLibrary/CustomApp?id=659DF5F399614770ACC306BD0BA7AA35

The current behavior is as follows:

  • HyperMobile truncates the custom app URL and removes CustomApp?id=659DF5F399614770ACC306BD0BA7AA35. This means HyperMobile uses the default MicroStrategy Library URL.

  • HyperIntelligence for Web does not currently support application URLs.