Authentication

Introduction

SAS Visual Analytics uses platform-level functionality for authentication. See Authentication Model in the SAS Intelligence Platform: Security Administration Guide. For information about authentication for mobile devices, see the SAS Intelligence Platform: Middle-Tier Administration Guide.
This topic provides details that are specific to SAS Visual Analytics.

Shared Accounts for Self-Service Imports

To enable users to import data under a shared account, configure SAS token authentication for a general purpose workspace server. See SAS Token Authentication in the SAS Intelligence Platform: Security Administration Guide.
To set up multiple levels of access, use multiple shared accounts. Here is a summary of one approach:
  1. For each distinct set of secured resources, create a service account that can authenticate to the SAS LASR Analytic Server. Make sure the account has the privileges that are required to operate the server and load data. See Host Account Privileges.
  2. For each service account, create a SAS Application Server that contains a standard workspace server. See Add a New Server.
  3. Configure each standard workspace server for SAS token authentication. For each standard workspace server, use a different service account as the launch credential. See How to Configure SAS Token Authentication in the SAS Intelligence Platform: Security Administration Guide.
  4. For each SAS Application Server, create a corresponding SAS LASR Analytic Server instance. Assign a unique signature files directory to each instance. Give each service account exclusive host access to the signature files directory for its server instance. See Add a SAS LASR Analytic Server.
  5. For each SAS LASR Analytic Server instance, create one or more LASR libraries. Assign each library to the SAS Application Server that corresponds to the library’s SAS LASR Analytic Server instance. See Add a LASR Library and Which Server is Used?.
  6. On the Authorization tab for each SAS Application Server and SAS LASR Analytic Server instance, limit ReadMetadata access. See Hide Server Definitions in the SAS Intelligence Platform: Security Administration Guide.
    Note: Keep the initial SAS Application Server (for example, SASApp) available for general use.

Policy for Concurrent User Logins

SAS Visual Analytics does not support deny or logoff values for the Policy.ConcurrentUserLogins property. For successful interactions with the SAS LASR Analytic Server, make sure this property is set to allow.
The Policy.ConcurrentUserLogins property is documented in Disabling Concurrent Sign In Sessions in the SAS Intelligence Platform: Middle-Tier Administration Guide.
Last updated: December 18, 2018