You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.
close
You are viewing the article in preview mode. It is not live at the moment.
clear search
Home > LOGS SDMS > Persons and Accounts > Single-Sign-On (SSO) Configuration
Single-Sign-On (SSO) Configuration
print icon
Peter Bellstedt
Apr 13, 2026
views icon 2

 

LOGS supports Single Sign-On (SSO) to enable seamless and secure user authentication using an organization’s existing identity management system. SSO simplifies user access, centralizes identity administration, and ensures compliance with enterprise security policies.

SSO integration in LOGS is designed for institutional, corporate, and academic environments and supports common identity standards.

Supported SSO Technologies

LOGS can be integrated with the following authentication mechanisms:

  • OpenID Connect (OIDC)
  • LDAP(S)

 

This allows LOGS to connect to widely used identity providers such as:

  • Microsoft Entra ID
  • Institutional LDAP directories
  • Enterprise SSO platforms (e.g. Okta, Keycloak-based IdPs)


Authentication and Authorization Model

SSO in LOGS is used only for authentication (user identity verification).
Authorization and access control inside LOGS are handled separately.

Role-Based Access Control (RBAC)

Users authenticated via SSO are mapped to internal LOGS users.
Permissions are controlled using role and project based access control in LOGS and not mapped via the SSO profile information.

SSO Configuration Overview

SSO configuration is performed during onboarding or as part of a professional services project and typically involves the following high-level steps:

 

  1. Identity Provider Setup
    • An identity provider (IdP) is configured to trust LOGS as a service provider.
    • For OpenID connect LOGS is registered as Single Page Application
    • Required attributes (e.g. username, email, group information) are exposed.
  2. LOGS SSO Configuration
    • LOGS is configured to connect to the IdP using OIDC or LDAP.
    • For OpenID connect the Authority URL as well as the Client ID are needed
    • Attribute mappings are defined to link external users to LOGS user accounts.
    • A default user role is defined
  3. User Provisioning and Mapping
    • Users authenticate via SSO and are created automatically
  4. Access Control Configuration
    • LOGS roles are assigned to users after authentication based on default setting.


Security Considerations

All authentication traffic is encrypted.
Passwords are never stored in LOGS when SSO is enabled.
Authentication policies (e.g. MFA, password rotation, account lockout) are enforced exclusively by the identity provider.
SSO configurations comply with enterprise security and compliance requirements.


During the installation a local admin account is created and may be retained for emergency access, depending on deployment policy.

Feedback
0 out of 0 found this helpful

close button
scroll to top icon