External Providers
SmarterStats allows you to connect its user authentication checks to an external database or other system, instead of storing passwords inside of SmarterStats itself. This external system is based on code that you create before applying the settings in this section. For more information about creating an External Login Provider see the help topic Creating an External Login Provider.
For more information about how the External Login Provider changes how SmarterStats works, please refer to the section below entitled How External Login Providers Change SmarterStats.
To access this section, click the Setting icon and then click External Providers in the navigation pane. The external provider settings will load in the content pane, and the following options will be available in the content pane toolbar:
- Save - Saves any changes made on the page.
- Test - Once you have configured the properties of your provider, you can use this button to attempt a test connection to it. This test will only ensure that it receives a properly formatted result from the provider, and will not validate a proper user login.
- Upload Certificate - If you choose to protect your external provider with a client certificate, this option is how you will upload the certificate to SmarterStats for it to send with the request.
- Delete Certificate - This button will only appear if you have already uploaded a client certificate to SmarterStats to use for external provider calls. It allows you to delete the certificate from the calls.
The following tabs will be available in the content pane:
- URL - Enter the full URL to your external login provider, including the HTTP:// or HTTPS:// and the endpoint to use. For instance, it may look like this: https://externalproviders.example.com/login
- Forgot Password URL - Sites that have their authentication method set to External Login Provider will not be able to use the forgot password functionality. If you have your own web form or system for password recovery, enter the URL that the forgot password page should direct users to. If left blank, a simple notification will instruct users to contact their administrator.
- Force all sites to use this URL - Checking this box will force all sites to redirect to the location set in Forgot Password URL, even if the sites are not set to use external authentication. Use this if you have your own systems or restrictions in place for lost passwords. If Forgot Password URL is blank, this option has no effect.
- Client Certificate - The current state of the client certificate that has been uploaded to SmarterStats. For more information on this topic, see Creating an External Login Provider.
- HTTP Headers to Send - If you wish to send any custom headers with calls to your external provider, enter them here. Each header should be on a separate line, and be formatted as Key:Value pairs. For example: x-access-token: MYTOKENHERE. For more information on this topic, see Creating an External Login Provider.
- Allow Provider to Create Users - By default, SmarterStats will only call the external providers for users that are already configured within SmarterStats. If you wish all calls for configured sites to go to the provider and allow the provider to create new users, check this option. It is vital if you use this option to validate the site ID and confirm that the user requesting access should be allowed to access that specific site.
How an External Login Provider Changes SmarterStats
Use of an external login provider can change the way SmarterStats works, and how users and site administrators interact with SmarterStats, in some fundamental ways. Once configured, the provider can be turned on for selected sites, or all sites at once using propagation from Site Defaults. Some of the changes within SmarterStats, once the authentication method is changed to External Provider, include:
- Users will no longer be able to use Forgot Password, unless a Forgot Password URL is configured by the system administrator. (See above.)
- Users will no longer be able to change their password from within SmarterStats.
- Site administrators will no longer be able to add or delete users.
- System administrators WILL be able to add or delete users when impersonating into a site.
- If the external provider is unavailable or has an error, no users on sites that use it will be able to log in until the provider has been restored or if the sites are changed to Internal authentication and passwords are reset.
- The system administrator will always be able to log in, and their authentication is never tied to the provider.
- If a site's authentication is set to "External Login Provider" and then changed back to "Internal" later, some users may not be able to authenticate until you set a new password for them or they use their email address to do a password reset, (If they have an email address configured for their user.)