Single Sign On
Displayr supports Single Sign On to allow users to log in without needing another password. When Single Sign On is enabled then your company's password system decides who can use Displayr, and which dashboards they can see. Please note this feature is only available Displayr Enterprise customers. Please contact us at firstname.lastname@example.org for enquiries.
- You are a Displayr administrator. (You are in the Administrators group in Displayr.)
- Your company's password system ("Identity Provider") supports SAML2 Web Browser Single Sign-On (also known as the "SP Redirect Request; IdP POST Response" profile). E.g Microsoft Azure Active Directory. You will need help from an administrator of that system.
- Your company has a subdomain. e.g. mycompany.displayr.com. If you don't have one, please contact Displayr support. Once enabled, non-SSO logins must use app.displayr.com
Steps to enable
- Do you have a subdomain set up for you, e.g. mycompany.displayr.com? If not please contact Displayr support to have this set up for you before you continue these steps.
- Click on the cog wheel at the top right and then Account.
- Select the Settings pane.
- Scroll down and click on Configure Single Sign On (SAML).
- Tick Enable SAML.
- Have your password system's administrator fill in the other fields. Hover over the ?'s to get more information. If you are using Microsoft Azure Active Directory, see https://docs.microsoft.com/en-gb/azure/active-directory/saas-apps/displayr-tutorial for detailed instructions.
- Click Save.
Here is an example of what the settings might look like once completed:
Known Supported Password Systems
Displayr should work with any complete implementation of SAML 2.0. The systems below have been found to work:
Microsoft Azure Active Directory
We have streamlined support for Azure Active Directory, so that you can quickly configure your Active Directory to work with Displayr SSO. The setup steps can be found here: https://docs.microsoft.com/en-gb/azure/active-directory/saas-apps/displayr-tutorial
See Single Sign On - Custom Implementation for help on building your own implementation of SAML 2.0, which will work with Displayr.
Users will be assigned to groups in Displayr based on the groups that they were given on your company's password system. Displayr groups control which dashboards each user can see. Your company's password system administrator must supply the codes for each security group that should be matched to Displayr. Any groups that are left blank here will be ignored by Single Sign On, and must be managed manually in Displayr.
Different Types of Users
Displayr allows a mixture of manually-configured users (identified with e-mail addresses and passwords, as normal), and users who come in via Single Sign On. Single Sign On users will only appear in the Displayr Users list after successfully logging in. Either type of user can be manually put in any Displayr group. Further, Single Sign On users will be automatically added to or removed from groups each time they log in, according to your company's password system.