Log in to API7 Dashboard with SSO
Single Sign-On (SSO) allows users to log in once and access multiple systems without re-entering credentials. It improves efficiency, enhances user experience, and strengthens security by eliminating the need for multiple passwords.
In API7 Enterprise, you can use multiple login options simultaneously. It is possible to create users within API7 Enterprise while also importing them from other existing systems.
Architecture
Take LDAP as an example:
- User Login Request: Users enter their username and password when logging into API7 Enterprise.
- LDAP Verification: API7 Enterprise transfers the credentials provided by the user to the LDAP server for verification.
- Authentication: The LDAP server verifies whether the user's credentials match the user information stored in the LDAP directory.
- Authorization: If verification is successful, the LDAP server returns authorization information to API7 Enterprise, and the system authorizes the user to access corresponding resources based on this information.
- Accessing Resources: Users access API7 Enterprise with the verified identity without having to re-enter credentials.
Prerequisites
- Obtain a user account with the Super Admin role.
Configure SSO with LDAP
To configure SSO with LDAP, follow these steps:
- Select Organization > Settings from the top navigation bar.
- Click Add Login Option.
- Fill in the Add Login Option form:
  - Name: the unique LDAP login name. For example, Employee Account.
  - Host: the LDAP host domain. For example, ldap.example.com.
  - Port: the LDAP port ID. For example, 1563.
  - Base Distinguished Name: the LDAP Base Distinguished Name (DN). For example, oc=users,dc=org,dc=example.
  - Bind Distinguished Name: the LDAP Bind Distinguished Name (DN) used to perform LDAP search for the user. This LDAP Bind DN should have permissions to search for the user being authenticated. For example, cn=admin,dc=org,dc=example.
  - Bind Password: the LDAP bind password used to authenticate with the LDAP server.
  - Identifier: the attribute used to identify LDAP users. For example, cn.
  - Attributes Mapping: map API7 internal fields to related LDAP attributes to seamlessly integrate and synchronize data.
- Click Add.
Login for LDAP Authentication
To log in to API7 Dashboard using LDAP, follow these steps:
- Visit the API7 Dashboard at http://localhost:7080.
- Click Login with Employee Account.
- Enter your username and password.
- Click Login.
Delete Imported Users
Deleting a user who has an SSO login option from Users only removes all of their roles. They can still log in to the API7 Dashboard as a new user. To completely block their access to the API7 Dashboard, you must delete them from the original system.
Assign Roles for Imported Users
All newly imported users will be assigned the Viewer role by default until the Super Admin assigns them different roles.
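The sketch below is an added example, not API7 Enterprise code: an in-memory model of an LDAP login option that searches under the Base Distinguished Name by Identifier and imports users with the Viewer role, showing why deleting a user in Users alone does not block access. The directory entries, passwords and function names are constructed, and verifying the password by binding as the matched entry is an assumption.

```python
import hmac

# Added illustration: an in-memory model, not API7 Enterprise code.
# All entries, passwords and helper names below are constructed.
OPTION = {"base_dn": "oc=users,dc=org,dc=example", "identifier": "cn"}

DIRECTORY = {  # DN -> entry; stands in for the LDAP server
    "cn=alice,oc=users,dc=org,dc=example": {"cn": "alice", "password": "a-secret"},
    "cn=bob,oc=users,dc=org,dc=example": {"cn": "bob", "password": "b-secret"},
    "cn=bob,oc=contractors,oc=users,dc=org,dc=example": {"cn": "bob", "password": "x"},
    "cn=carol,oc=other,dc=org,dc=example": {"cn": "carol", "password": "c-secret"},
}


def ldap_authenticate(directory, option, username, password):
    """Search under the Base DN by Identifier, then check the password.

    Returns the matched DN, or None when the login must be refused.
    """
    if not username or not password:
        # An empty password would turn a simple bind into an unauthenticated
        # bind (RFC 4513), so it is refused before any bind is attempted.
        return None
    suffix = "," + option["base_dn"].lower()
    matches = [
        dn for dn, entry in directory.items()
        if dn.lower().endswith(suffix) and entry.get(option["identifier"]) == username
    ]
    if len(matches) != 1:  # unknown user, or Identifier not unique under the Base DN
        return None
    dn = matches[0]
    # Assumption: the password is verified by binding as the matched entry.
    stored = directory[dn]["password"].encode()
    return dn if hmac.compare_digest(stored, password.encode()) else None


def dashboard_login(users, directory, option, username, password):
    """Model of an SSO login; returns the user's role list, or None if refused."""
    if ldap_authenticate(directory, option, username, password) is None:
        return None
    # A user missing from the dashboard is imported again with the default role.
    return users.setdefault(username, ["Viewer"])
```

In this model a non-unique Identifier under the Base DN (two entries with cn=bob) makes the login fail, which is why the Identifier should be an attribute that is unique within the configured Base DN.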
Delete a Login Option
Deleting a login option will result in the removal of all users associated with it.
- Select Organization from the top navigation bar, then choose Users.
- Check if there are any users still using this login option. If yes, notify them first.
- Select Organization from the top navigation bar, then choose Settings.
- Click Delete for the target login option.
- Double confirm.