/build/static/layout/Breadcrumb_cap_w.png

Experience with Single Sign On?

We've been using KACE for almost four years, but we're only now thinking of implementing SSO.  What are your experiences with SSO, bad or good?

We had initially decided not to use SSO because we have a large mobile userbase, and wanted users to have the same experience getting to KACE inside the office, as they would outside the office.  

Right now, logging into KACE takes 10-20 seconds (I don't know if that's to be expected for KACE aaS or unusual.  I tried pointing KACE to multiple DCs, but they were all about the same), which I think is a deterrent to users logging in and actually accessing the ticket queues and KB, etc. We have self-help resources that I know users access, so if we moved them into the KB, I wonder what the user's experience would be.

Thoughts:
Ease of configuring?  Our users are in two OUs in one AD domain, soon to be one OU.  I already import users through LDAP, and they can log in with AD credentials, so I would think it should work without much more work. (I know there are potential browser settings to configure.)
Reliability?  What might cause SSO to fail?  If it fails, will it revert to the sign in page?
Does it take 10-20 seconds to log them in the first time, then allow them back in quickly as long as the session hasn't timed out?
If the computer is off the network, but KACE can talk to a DC, will it allow them in using SSO, or make them enter their username and password?
Pre-Windows 2000 user logon names are set to lastnamefirstinitial (ex. SmithJ) while "modern" user logon names (email) are firstname.lastname (ex John.Smith).  Right now, users can log onto KACE with their legacy username, but not email.  If they log into their computer with their email, will this cause an issue with SSO?

I've read through the documentation, several threads on the subject here, and KB articles from Quest, so I'm more interested in personal experiences.

Edited title to better reflect the question.

1 Comment   [ + ] Show comment
  • Is SSO auth even an option? I was under the impression that KACE has to use LDAP and that's the only option other than local auth. Let us know if you've learned anything else. - JasonEgg 5 years ago

Answers (0)

Be the first to answer this question

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ