the web front-end for your database

Single Sign-on

One of the integrations that tends to make the most sense is that of security. Few users enjoy logging in multiple times per day. Fewer still enjoy having to remember multiple sets of credentials as they move around through the systems that are used in your environment. Even more important is the fact that requiring users to log in multiple times on multiple systems with different sets of credentials for each system actually tends to weaken your security. This is because users take to writing their login information down and/or using weak passwords. This also increases the management cost.

Risks

One danger of single sign-on is if some of the different entry points for single sign-on allow for easy password interception.   This is a significant danger for web applications because they allow sign on from many potentially insecure environments including coffee shops with no Wi-Fi security or home systems that might have malware installed.  This risk can be mitigated by ensuring the use of SSL certificates on the web servers, and requiring any home systems used to connect to the office to have a reasonable level of safeguards in place.

Setting up Single Sign-on

How you setup single sign-on depends on what you want your single source of users to be.  For more details on the authentication options and setup in dbFront please see: Authentication Overview

Windows Active Directory

If your single source of users is Windows Active Directory then you would setup the dbFront Service to point directly to your domain.  Additionally you would setup several groups to restrict access to dbFront, both for administrators and regular users.   For more information see: Windows Authentication.

Database Authentication

If your single source of users is contained in a Database then you can setup dbFront so that it will validate users using a stored procedure.   For more details see: Database Authentication.

User Profiles

In addition to both of the above options, you can use the requirement for a Database Profile to restrict or manage user access to individual databases.  For more details see: User Profiles.

Connection Reuse

Some implementations of Single Sign-on also cover the reusing of credentials/sessions between systems.  This means that a user could Sign-on once and then travel between the various systems without having to Sign-on multiple times.  dbFront is not yet capable of this level of integration.

More Security Options

For more security options see: Authentication Overview

Content you want the user to see goes here.
close