Versions Compared

Old Version 3

changes.mady.by.user Laura McWilliams

Saved on

compared with

New Version Current

changes.mady.by.user Laura McWilliams

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

If your instance of Isora GRC is configured to use SSO, then Isora GRC won’t need to talk to the LDAP server to perform authentication. Instead, it will talk to your Identity Provider (IDP). Either way, Isora GRC will still use the LDAP server for authorization and existence checks.

What if I configure Isora GRC to use Single Sign-On (SSO) but not LDAP?

Your Identity Provider (IDP) is probably still using LDAP/AD on the back-end to authenticate your users, but Isora GRC does not need to access the LDAP/AD server directly in order to use SSO. Isora GRC will use SSO to authenticate users, but without having access to the LDAP/AD server, Isora GRC will not perform any authorization or existence checks. What are the impacts?

  1. Skipping “authorization and existence checks”- You won’t be able to limit which users can access Isora GRC based on LDAP attributes (such as group affiliations). Any user that has an account on Isora GRC will be able to log into the tool. As long as you are careful about which users you create accounts for, this shouldn’t be a problem.

  2. Delegation- You will still be able to add new users to Isora GRC through delegation, but without verifying user information or doing typeahead searching. For example, if you want to delegate to “Bob Jenkins,” and his username is bobjenks but you type in “bobjenkins” (because you misremember his username), a new user account on Isora GRC will be created with username “bobjenkins.” But Bob Jenkins won’t be able to log in, because you’re using SSO, and his SSO username is actually “bobjenks.”

  3. Local passwords ignored- If you use SSO to log in, even if the user has a password defined within Isora GRC, that password will be ignored for the purposes of logging in via SSO. The locally defined password does not have to match your SSO password.

I need help integrating my instance of Isora GRC with LDAP and/or SSO- what should I do?

Reach out to support@saltycloud.com and our support team will guide you through the process. This will involve gathering some information from you, sending you some info, and doing some customization on your instance of Isora GRC. For more info, see Isora GRC Customization .