Identity managers


Overview

Bizagi Cloud supports integration with Identity Management services by means of industry standards, such as the OAuth and OpenID Connect protocols.

Identity managers in Bizagi Cloud provide secure sign-in capabilities and compliance with your security and authentication policies.

 

Authentication possibilities

Bizagi Cloud supports the following authentication systems/types:

 

Azure Active Directory (Azure AD): This type offers a Single Sign-on experience, while relying on the OAuth and OpenID Connect protocols.

For more information about this alternative, refer to Azure Active Directory Authentication.

 

Federated authentication: This type offers a single sign-on experience, while connecting to Microsoft ADFS 3.0 and relying on the WS-Federation protocol.

For more information about this alternative, refer to Federated authentication.

 

LDAP: This type connects to an on-premises LDAP system and requires VPN setup.

For more information about this alternative, refer to LDAP authentication.

 

Windows: This type connects to an on-premises Microsoft AD (similar to LDAP authentication).

For more information about this alternative, refer to Windows authentication.

 

Bizagi: This type uses Bizagi’s local authentication mechanism, while allowing you to enforce your security policies for passwords and accounts.

For more information about this alternative, refer to Bizagi authentication.

 

OAuth: This type offers a Single Sign-on experience, while relying on the OAuth and OpenID Connect protocols for your Bizagi project to delegate authentication to an identity provider other than Azure AD, such as another Bizagi project.

For more information about this alternative, refer to OAuth authentication.

 

Technical details and specs

Consider the standards and protocols supported by the different authentication types.

The table below presents information for the most commonly used types, which integrate with your systems and are the most recommended in Bizagi Cloud (recommendations ordered from top to bottom).

 

| AUTHENTICATION TYPE | CHARACTERISTICS AND SUPPORT | TECHNICAL SPECS (PROTOCOLS AND STANDARDS) |
|---|---|---|
| Azure AD | Azure AD service supported (from a subscription provided by the customer). Does not require VPN setup. Supports a Single Sign-On experience for active browser sessions (not at a network level). | Relies on the OAuth 2.0 protocol and its OpenID extension. |
| Federated | Microsoft ADFS 3.0 supported. Does not require VPN setup. Supports a Single Sign-On experience for active browser sessions (not at a network level). | Relies on WS-Federation protocol (involves WS-Trust). This protocol uses assertions based on the SAML token spec, version 1.1, though these are not entirely SAML-compliant. |
| LDAP | Microsoft AD supported. Requires VPN setup, given that such LDAP system is usually installed on-premises. Supports a "Same Sign-On" concept, while it doesn’t support a Single Sign-On experience. | Relies on standard LDAP protocol (e.g., connecting via an LDAP URL with filters as supported by LDAP format). |

 

Important

Please bear in mind the following:

1. It is the customer's responsibility to manage end user accounts and their access to Bizagi’s Work portal, and their responsibility to ensure they enforce adequate security policies for these accounts and their passwords.

2. Regardless of the chosen Identity manager, customers need to synchronize the authorized accounts for Bizagi Work portal (even though for integrated authentication, passwords are not stored in Bizagi when doing so).

When synchronizing users with Bizagi Cloud, users are uniquely defined by their domain and username combination.