Single Sign-On in the SAS Intelligence Platform

Single Sign-On for SAS Desktop Applications

For desktop applications such as SAS Information Map Studio, SAS Enterprise Guide, SAS Data Integration Studio, SAS OLAP Cube Studio, and SAS Management Console, you can use the following single sign-on features:
  • You can enable Integrated Windows authentication so that users will not receive a logon prompt when they launch applications. Integrated Windows authentication is a Microsoft technology that generates and validates Windows identity tokens. All participating clients and servers must authenticate against the same Windows domain (or against domains that trust one another).
  • Users can also avoid the initial logon prompt by selecting the option to save their credentials in a connection profile. (This option can be disabled on a site-wide basis.)

Single Sign-On for SAS Web Applications

You can enable Web authentication so that users will not receive a logon prompt when they launch SAS Web applications such as SAS Web Report Studio and the SAS Information Delivery Portal. In this configuration, SAS Web applications use whatever authentication scheme you have set up in your Web environment. For example, if your Web environment is integrated with a third-party authentication provider, then the SAS Web applications participate in that scheme.

Single Sign-On for Data Servers and Processing Servers

Seamless access to SAS Stored Process Servers, SAS OLAP Servers, SAS Content Servers, and SAS Pooled Workspace Servers is provided through SAS token authentication. This mechanism causes participating SAS servers to accept users who are connected to the metadata server. No individual external accounts are required, no user passwords are stored in the metadata, and no reusable credentials are transmitted.

Seamless access to SAS Workspace Servers can be provided through SAS token authentication, Integrated Windows authentication, or credential reuse. With credential reuse, when a user provides credentials in the initial logon dialog box, the credentials are added to the user's in-memory credential cache (user context) and then retrieved when access to the workspace server is required.

You can also use Integrated Windows authentication to provide direct connections to OLAP servers (for example, from a data provider) when there is no active connection to the metadata server.