In this article you will learn everything about the possibilities of a SSO connection to presono.
presono supports the Single-Sign-On (SSO) login. For this purpose there is an interface to presono which has to be set up. The SSO interface is used in presono exclusively for user and rights management.
For users, this means that they log in to presono with their regular Microsoft account instead of a separate presono account (mail + password).
Via this interface, users are assigned to the corresponding user groups in presono each time they log in.
So there are user groups in SSO and in presono. They are assigned to each other via the interface. If a user is assigned to a user group in SSO , which is also connected to a group in presono, the user can log in to presono via SSO and is automatically assigned the rights of the respective group. A user group can also refer to several groups in presono and vice versa.
Thus, users no longer have to be created in presono, but are automatically created and assigned to the corresponding permission groups in presono as soon as the users log in to presono via SSO , provided that they have groups for this in SSO .
The users will then also appear in the presono UI only once they have logged in, as only then will the user be created.
It is also possible to configure whether the users that are brought into the tool via SSO should have their own workspace or not.
If SSO is already used by the customer, the interface can be used on both sides and the connection can be done individually. This is of course done in cooperation with the presono team.
If the login was set up via SSO , the SSO login screen will appear instead of the presono login screen (URL: https://my.presono.com). Users cannot log in via the presono login screen, so they will be redirected directly to the SSO page.
If desired, individual users can of course still be invited and managed via presono exclusively. They can still log in via the presono login screen. This can be reached on the browser at https://my.presono.com/login and in the desktop app you have to press Ctrl+L when on the SSO login screen. This will redirect you to the presono login screen.
The permission assignment in presono itself also remains unchanged - some or all groups are then only connected to SSO groups.
Technical Background
We use Auth0 (auth0.com) as a service for our authentication mechanisms. Auth0 handles the mediation between the customer's Active Directory and presono in the ADFS configuration.
The previous integrations were implemented via ADFS (Active Directory Federation Services). To do this, our Auth0 tenant is created as a Relying Party and then the following claims are passed along:
- Email-Address
- Display-Name
- User-Principal-Name
- Given-Name
- Surname
- Groups (or custom roles)
Auth0 then also takes over the forwarding to presono if authentication is successful.
Management in presono
To be able to manage the SSO settings in presono, the group right must be set for it:
Once the SSO interface has been set up, the references can be entered in the groups in presono. A new tab with "SSO references" appears on the far right of the group administration. Various references can be entered there. This way, the SSO groups will be mapped with the presono groups.
In the configurations, it can then be set for the entire platform whether the users created via SSO should have a personal workspace or not.
You might also be interested in:
Integration for automatic AI-based translations
Integration for automatic KI-based image generation
Integration for automatic AI-based text optimisation
Categories, Workspaces & Rights