What's New

Kepion Authentication Options

By - Mar 01, 2018

In addition to the on-premises Windows Server Active Directory (Windows AD), Kepion is now integrated with Azure Active Directory (Azure AD), which provides you with the following benefits:

  • You can control in Azure AD who has access to Kepion
  • You can enable your users to automatically get signed-on to Kepion (Single Sign-On) with their Azure AD accounts

There are three types of authentication modes Kepion supports. We will explain each scenario in this article.

Option 1: Windows AD

This is the default authentication option when you set up a Kepion server. All servers in the environment are joined to an on-premise Windows AD domain (e.g. CORP). Users can login with their Windows AD credentials, e.g. CORP\USER, where CORP is the domain and USER is the login name.

Feature Description
Authentication
  1. Windows AD credentials can be configured to any server as all the machines belong to the same domain (e.g. CORP).
  2. Users login to Kepion with their Windows AD account, i.e. CORP\USER1
  3. Users connect to SSAS with their Windows AD account, i.e. CORP\USER1
Groups Full Windows AD group support.
SSAS Security Fully integrates with SSAS security for both Kepion and 3rd party client tools.

 

Option 2: Azure AD Integrated

Windows AD and Azure AD are sync’d together as one. Users can login with either their Windows AD or Azure AD credentials, i.e. CORP\USER or USER@CORP.COM.

If your users are currently using Windows AD credentials to access Kepion, and you’d like to integrate with Azure AD, consult IT at your organization about how to sync up Windows AD and Azure AD. Azure provides services to help with that.

Feature Description
Authentication
  1. Windows AD credentials can be configured to any server as all the machines belong to the same domain (e.g. CORP).  Azure AD credentials can be validated and resolved to their Windows AD equivalent.
  2. Users login to Kepion with their Azure AD account, e.g. USER1@CORP.COM. Only Azure users with a corresponding domain account will be supported.
  3. Users connect to SSAS with either their Windows AD account e.g. CORP\USER1 or Azure AD account e.g. USER1@CORP.COM.
Groups Full Windows AD group and Azure AD group support.
SSAS Security Fully integrates with SSAS security for both Kepion and 3rd party client tools.

 

Option 3: Azure AD Stand-alone

Azure AD and the on-premise Windows AD are separate services without any sync between them. Users can only login with their Azure AD credentials, i.e. USER@CLOUD.COM.

Feature Description
Login
  1. Azure AD is on its own domain (e.g. CLOUD). Kepion servers are joined with a Windows AD (e.g. CORP), or not joined with any domain. Within the Kepion web server, Azure AD credentials cannot be validated.
  2. Users login to Kepion with their Azure AD account, e.g. USER1@CLOUD.COM.
  3. Kepion will not publish security users to SSAS as Azure AD users are not valid within the Kepion web server. Thus, users will not be able to directly connect to SSAS using Azure AD.
Groups Full Azure AD group support.
SSAS Security Security is applied when accessing SSAS through Kepion server. However, 3rd direct access to SSAS using Azure AD is not supported.

 

Which Azure AD Authentication Works Best for You?

Use the summary below to help determine which Azure AD authentication works best for your organization.

Authentication Mode Login to Kepion User Type Supported Connect to SSAS from 3rd Party Tools?*
Windows AD Windows AD credential

(e.g. CORP\USER1)

Windows AD User

Windows AD Group

Local Machine User

Windows AD credential

(e.g. CORP\USER1)

Azure AD Integrated Azure AD credential

(e.g. USER1@CORP.COM)

Azure AD User

Azure AD Group

 

Windows AD credential

(e.g. CORP\USER1),

or Azure AD credential

(e.g. USER1@CORP.COM)

Azure AD Stand-alone Azure AD credential

(e.g. USER1@CORP.COM)

Azure AD User

Azure AD Group

Not supported

*It includes 3rd party tools that try to connect to Kepion-generated SSAS cubes, e.g. Excel PivotTable.

 

How to Integrate Kepion with Azure AD?

Now you’ve figured out either Azure AD Integrated or Azure AD Stand-alone works best for you, let’s check out the next steps.

 

Azure AD Integrated

To configure the Azure AD Integrated mode, please check prerequisites based on the current AD setup on your Kepion web server. Follow this guide to verify if your Kepion web server is joined with a Windows AD domain or an Azure AD domain.

Is Kepion web server joined with a Windows AD domain? Is Kepion web server joined with an Azure AD domain? Prerequisites
Yes Yes You can start right away!
Yes No Consult IT at your organization about how to integrate Windows AD domain to the Azure AD domain.
No No Consult IT at your organization about how to join the Kepion web server to a Windows AD domain and Azure AD domain.

Once your Kepion web server is joined with both Windows AD and Azure AD, follow this guide to get started. There are three main steps:

  • Azure Portal Setup
  • Kepion Server Setup -> Azure AD Integrated
  • Connect to Kepion

 

Azure AD Stand-alone

To configure the Azure AD Stand-alone mode, follow this guide to get started. There are three main steps:

  • Azure Portal Setup
  • Kepion Server Setup -> Azure AD Stand-alone
  • Connect to Kepion

 


Facebooktwitterlinkedinmail