Introduction
This article provides an overview of the Enterprise Authentication settings in Astrato.
Contents
Overview
Enterprise Authentication features in Astrato have been designed for customers who use a centralized Identity Provider (IdP) for managing their user accounts, and assign their users a single sign-on (SSO) account to access multiple systems. Using a centralized IdP means the organization controls access to all software from a single location, and in some cases they can integrate user account information to extend access control to external systems like Astrato.
Astrato supports a large variety of different iDPs and we also supply a generic OIDC connector that allows you to connect any OIDC compliant iDP.
Figure 1: Enterprise Authentication Example
Astrato supports connections between a customer's enterprise IdP and their Astrato workspace, which gives the customer the advantage of granting user access without managing a separate Astrato account. Figure 1 (above) shows the location of the Enterprise Authentication settings on the Astrato site and the pages you'll use to set up the connection. You can find setup guides for each connection type in the Administration collection of the Astrato Help Center.
Note: You'll only be able to set up one connection type at a time for a workspace. If you need to enable another connection, you'll need to delete the existing one.
Preparation
The Configuration tab for your iDP in Astrato contains the information you will need to configure your iDP for Astrato. Please refer to your vendors documentation on how to configure external applications.
Enterprise Authentication
If you click Enterprise Authentication in the Administration section, you'll open a page containing the list of connection types (Figure 2). Any connection types we're currently developing to use with Astrato are listed, but greyed out. In this article we'll be using Google Workspace as an example. Click Connect to open the connection type you need to set up.
Figure 2: Enterprise Authentication
Configuration
Once you've chosen a connection type, you'll open the connection Configuration page (Figure 3), which contains the information you'll use to integrate with Astrato.
Figure 3: Configuration
Setup
When you open the Setup screen (Figure 4) you'll see a list of fields where you'll enter information about your data connection and click Create to complete the setup.
Figure 4: Setup
Enterprise Authentication Articles
You can find more articles on enterprise authentication (including a setup guide for each supported connection type), in the Administration collection of the Astrato Help Center.
Redirect users after login - Customize Return to URL
Astrato supports the use of returnTo as a URL parameter. This method is particularly useful if you want a direct redirect to a specific URL using an SSO provider. The paths must be part of app.astrato.io, for example, /workbooks.
When a user logs in, they can be immediately sent to a workbook, which could be a dashboard or even a personalized landing page that links to other workbooks.
Step 1: Copy your login URL
Step 2: Append your path address
See the best practice guidance below for creating the path in the correct format.
โ Best Practice
When creating your returnTo string, do not include the domain (app.astrato.io).
Include the first slash like this: /collections then encode the url %2Fcollections. The result will look like this &returnTo=%2Fcollections.
โน๏ธ Remember to encode URLs - https://www.urlencoder.org/
Step 3: Start using your new login URL
Use the new login URL with the path address appended, start sending it to users.
Examples
Astrato supports returning to custom URLs. These
Return to sheet
&returnTo=%2Fobject%3FobjectId%3D04bedf08-9d08-450d-9e8f-3d8dab5d143e%26tenantId%3D988d4ffe-3a80-48c4-8527-5afecf0bb41b%26workbookId%3Db9ba6ab6-ae6e-48de-8fab-39554ef082a3%26databaseId%3D1651020e-726a-4738-9ef2-ec6e40c3b1b1%23sheetId%3Ded849664-e011-4954-a4cd-d5fde39c5f1f
Return to collections
&returnTo=%2Fcollections