External Providers
SmarterStats allows you to connect its user authentication checks to an external database or other
system, instead of storing passwords inside of SmarterStats itself. This external system is based
on code that you create before applying the settings in this section. For more infomation about
creating an External Login Provider see the help topic
Creating an External Login Provider.
For more information about how the External Login Provider changes how SmarterStats works, please refer to
the section below entitled How External Login
Providers Change SmarterStats.
To access this section, click the Setting icon and then click External Providers in the
navigation pane. The external provider settings will load in the content pane, and the following options
will be available in the content pane toolbar:
- Save - Saves any changes made on the page.
- Test - Once you have configured the properties of your provider, you can use this button
to attempt a test connection to it. This test will only ensure that it receives a properly formatted
result from the provider, and will not validate a proper user login.
- Upload Certificate - If you choose to protect your external provider with a client certificate,
this
option is how you will upload the certificate to SmarterStats for it to send with the request.
- Delete Certificate - This button will only appear if you have already uploaded a client
certificate
to SmarterStats to use for external provider calls. It allows you to delete the certificate from the
calls.
The following tabs will be available in the content pane:
- URL - Enter the full URL to your external login provider, including the HTTP:// or HTTPS://
and the endpoint to use. For instance, it may look like this:
https://externalproviders.example.com/login
- Forgot Password URL - Sites that have their authentication method set to External Login Provider
will not
be able to use the forgot password functionality. If you have your own web form or system for password
recovery,
enter the URL that the forgot password page should direct users to. If left blank, a simple notification
will instruct users to contact their administrator.
- Force all sites to use this URL - Checking this box will force all sites to redirect to the
location set in Forgot Password URL, even if the sites are not set to use external authentication. Use
this if you have your own systems or restrictions in place for lost passwords. If Forgot Password URL is
blank, this option has no effect.
- Client Certificate - The current state of the client certificate that has been uploaded to
SmarterStats.
For more information on this topic, see Creating an External Login Provider.
- Http Headers to Send - If you wish to send any custom headers with calls to your external
provider,
enter them here. Each header should be on a separate line, and be formatted as Key:Value pairs. For
example: x-access-token: MYTOKENHERE.
For more information on this topic, see Creating an External Login Provider.
- Allow Provider to Create Users - By default, SmarterStats will only call the external providers
for users that
are already configured within SmarterStats. If you wish all calls for configured sites to go to the
provider and allow
the provider to create new users, check this option. It is vital if you use this option to validate the
site ID and confirm that
the user requesting access should be allowed to access that specific site.
How an External Login Provider Changes SmarterStats
Use of an exteral login provider can change the way SmarterStats works, and how users and site
administrators interact with SmarterStats, in some fundamental ways. Once configured, the provider can be
turned on for selected sites, or all sites at once using propagation from Site Defaults. Some of the
changes within SmarterStats, once the authentication method is changed to External Provider, include:
- Users will no longer be able to use Forgot Password, unless a Forgot Password URL is configured by the
system administrator. (See above.)
- Users will no longer be able to change their password from within SmarterStats.
- Site administrators will no longer be able to add or delete users.
- System administrators WILL be able to add or delete users when impersonating into a site.
- If the external provider is unavailable or has an error, no users on sites that use it will be able to
log in until the provider has been restored
or if the sites are changed to Internal authentication and passwords are reset.
- The system administrator will always be able to log in, and their authentication is never tied to the
provider.
- If a site's authentication is set to "External Login Provider" and then changed back to "Internal"
later, some users may not be able to authenticate
until you set a new password for them or they use their email address to do a password reset, (If they
have an email address configured for their user.)
Copyright © SmarterTools Inc. All rights reserved.