Solar Archive Knowledge Base

Enabling Premium SSO

Single Sign On is a technique in which your current Windows domain login is used to access Solar Archive, bypassing the login page.

In the SSO technique, passwords are not passed; instead, your current Windows user token is used for validation. A token is computed every time you log in to a Windows domain, and hence it cannot be cached and used again. This technique only works with NTLM or NTLMv2 tokens, and it is designed to work only in Microsoft domains.

Furthermore, to prevent man-in-the-middle attacks, the user token includes a ‘source PC identifier’. To validate SSO, the Windows Domain Controller checks whether the source of the validation request (Solar Archive) is the same as the source PC encoded into the token (the user’s PC). For this to work, the Solar Archive server needs to be registered as a Computer in the Windows Users & Computers list.

Prerequisites to enable premium SSO

  • Create a COMPUTER account in the Active Directory Users and Computers.

  • Then use the script SetComputerPass.vbs to generate a password. To download the script, click the Download Script button in the Premium SSO options page.

Solar Archive will then be able to create an authenticated connection to your Domain Controller, over which secure SSO connections may be passed.

  1. Navigate to Adv. Configuration > SSO - Single Sign On.

  2. Enter / Select the required values in the fields. Refer to the table below for field names and descriptions. (Note: Hover your mouse over the field names for additional information and / or example values.)

  3. Click the Apply button to save the configuration.

  4. To test the SSO connection, click the SSO Connection Test.

  5. After saving this configuration, the web server needs to be restarted to ensure that SSO is being used. To do this, navigate to Management > Restart > Restart WebServer.

  6. To review logs, click the Show Log button.

| Field | Description |
| --- | --- |
| Enable Premium SSO | Specifies whether or not premium SSO is enabled. |
| Your internal AD Domain | Company’s internal Active Directory domain. You can get this from the LDAP Base DN. It is typically like company.local or company.com. |
| Computer Account Name | ‘Computer’ account name added to Active Directory Users & Computers. If the ‘computer’ account name added to Active Directory Users and Computers is “CryoserverSSO” then this value will be CryoserverSSO$. Notice the required $ sign at the end. Active Directory adds this automatically when you create the account. |
| Computer Account password | Password of the computer account. To download the script to set a password, click the Download Script button in the Premium SSO options page. This will prompt you for the computer account name, and then lets you set a password. Enter that same password here. |
| DNS (optional) | IP address of an internal DNS server. The SSO service will locate your PDC and any other DCs via DNS. It will validate a user against any DC that it can contact. If Solar Archive has DNS correctly configured (so domain names resolve in other parts of Solar Archive configuration, like LDAP server names and Outbound Email and Alerts: email server) then leave this blank. |
| Site Name (optional) | Active Directory Sites and Services site that the web server is in. Note: If your users are in a Forest of Domains, then enter the site name of the local tree of your domain. If your company is a single domain company, then you will not require this. |
| LDAP field to match domain | LDAP field that should be matched with the JCIFS-obtained domain. |
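A pre-flight check for the values in the table above, as an added example (not Solar Archive's code). It derives the AD domain from an LDAP Base DN, checks the trailing `$` on the computer account, validates the DNS field, and lists the standard Active Directory DC-locator SRV names to test with nslookup or dig; that Solar Archive queries exactly these records is an assumption, and all sample values are constructed.

```python
import ipaddress
import re

def domain_from_base_dn(base_dn):
    """Join the DC= components of an LDAP Base DN into a DNS domain name."""
    parts = re.findall(r"(?:^|,)\s*DC\s*=\s*([^,]+)", base_dn, flags=re.I)
    return ".".join(p.strip().lower() for p in parts)

def dc_locator_srv_names(domain, site=""):
    """Standard AD SRV names for the PDC, any DC, and (optionally) DCs in a site."""
    names = [f"_ldap._tcp.pdc._msdcs.{domain}", f"_ldap._tcp.dc._msdcs.{domain}"]
    if site:
        names.append(f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}")
    return names

def check_sso_fields(base_dn, domain, computer_account, password, dns=""):
    """Return a list of problems found in the Premium SSO form values."""
    problems = []
    expected = domain_from_base_dn(base_dn)
    if domain.strip().lower() != expected:
        problems.append(f"domain {domain!r} does not match Base DN ({expected!r})")
    # The page requires the account name with its trailing '$' (e.g. CryoserverSSO$).
    if not re.fullmatch(r"[^\s$]+\$", computer_account):
        problems.append("computer account name must be the bare name ending in '$'")
    if not password:
        problems.append("computer account password is empty")
    if dns:  # optional field; when set it must be an IP address, not a host name
        try:
            ipaddress.ip_address(dns)
        except ValueError:
            problems.append(f"DNS field {dns!r} is not an IP address")
    return problems

if __name__ == "__main__":
    # Constructed sample values with two deliberate mistakes.
    issues = check_sso_fields(
        base_dn="OU=Staff,DC=company,DC=local",
        domain="company.local",
        computer_account="CryoserverSSO",   # missing trailing '$'
        password="constructed-password",
        dns="dns01.company.local",          # host name instead of IP
    )
    for issue in issues:
        print("PROBLEM:", issue)
    for name in dc_locator_srv_names("company.local", site="HQ"):
        print("verify SRV record resolves:", name)
```
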
