Beginning in GlobalSearch 6.1, user authentication can be performed through 3rd party services including Okta and Azure Active Directory. Square 9 does not resell, support, or configure these authentication platforms, but customers leveraging a supported authentication provider can use these services to manage authentication from GlobalSearch. For providers that support it, support for SCIM provisioning of Groups and Users in GlobalSearch is also available.
Square 9's authentication model when working with 3rd party authentication services is based on OpenID Connect (OIDC). OIDC is a standards based layer built on top of OAuth 2.0. If you are using authentication services from a 3rd party provider, Square 9 does offer development services to extend the provider authentication model to other offerings. Contact your Square 9 sales agent for more details. Do note:
- Integration with 3rd party Auth providers requires the provider to support an OIDC login flow. Legacy SAML connections are not supported.
- Optionally, user provisioning can also be enabled for any providers that support SCIM 2.0.
- If you are unsure if your provider supports OIDC login flows, Square 9 can assist in understanding capabilities. Contact us if you have specific questions about adding support for your provider. It should not be presumed that any provider will work without specific configuration and setup changes on the Square 9 side.
- Square 9 recommends all GlobalSearch users be provisioned with an email address as their username. For 3rd party authentication, email address is a required attribute of user in the provider, and corresponding GlobalSearch users MUST be in email address format. Any GlobalSearch users that are not in the format of an email address will need to be converted or recreated.
- Permissions are still managed using standard GlobalSearch administration interfaces. Administrators are strongly encourage to leverage Groups to manage permissions for Square 9 and 3rd Party Auth users.