DASTRA
English
English
  • What is Dastra
  • 🇪🇺USEFUL REMINDERS
    • What is GDPR ?
    • GDPR key concepts
      • Personal data
      • Record of processing activities (ROPA)
      • Privacy impact assessment
      • Data retention period
      • Data Subject Rights (DSR)
      • Privacy by design and by default
      • Security measures
      • Data breach notifications
    • Risk management
      • Definition of risks
      • Risk assessment
      • Vendor risk management
  • 🧑‍🎓GETTING STARTED
    • Setting up
      • Create and set up a workspace
      • Create and set up organizational units
      • Appointing a DPO
      • Add a lead authority
      • Invite users
      • Managing roles and permissions
      • Create and assign teams
      • Frequently asked questions
    • Tutorial
      • Step 1: Setting up
      • Step 2: Map your personal data processing and draw up a register
      • Step 3: Managing risks
      • Step 4: Prioritize actions
      • Step 5: Implement internal processes
      • Step 6: Document compliance
    • Support
      • The dastronaut's assistant
      • Online help
      • Request support
      • The customer support process
  • ⚙️Features
    • Dashboard
    • General
      • Advanced Filters
      • Import your data (Excel, Csv)
      • Tag management
      • Custom fields
      • AI Assistant
      • Email templates
    • Data Mapping
    • Record of processing activities
      • "Data controller" record
      • "Data processor" record
      • Establish your record
      • Export / import the record
      • Use a processing activity template
      • Declare a processing activity
      • Complete a data processing activity
        • General information
        • Stakeholders
        • Purposes
        • Dataset
        • Assets
        • Data subjects
        • Data subjects rights (DSR)
        • Recipients
          • Data transfers outside the EU
        • Security measures
        • Impact analysis
        • Documentation
      • Create relationships between processing activities
      • Processing freshness
      • Share the record of processing
      • Data visualization
        • View the treatment tree
        • View the record data map
        • View the transfers map
      • Frequently asked questions
    • Audits and DPIA
      • Create or modify an audit template or DPIA
      • Scheduling an audit or a PIA
      • Share an audit report or PIA
      • FAQ
    • Privacy hubs
      • Create a Privacy hub
      • Configure your Privacy hub
        • Homepage and general configuration
        • Questionnaires
        • Data subject requests
        • Record of processing activities
        • Attachments
        • Organizational chart
        • Contacts
        • Security
        • Appearance and design
      • Preview and share your privacy hub
      • Collecting data processing projects from a Privacy hub.
    • Contracts
      • Declare a Contract
      • Structure of a contract
      • Documents
      • Assets
      • Signers
      • Linked users
      • Sign the contract
      • Docusign integration
      • Contract versions
      • Contract templates
    • Risk management
      • Glossary of terms
      • Risk management process
        • 1. Identification
        • 2. Assess
        • 3. Monitor
        • 4. Control
        • Let's recap
      • Dastra / eBios RM comparison
      • Attach a risk to a processing activity
      • FAQ
    • Planning
      • Create your action plan
      • Create or modify a project or an iteration
      • Monitor, screen or export your tasks
      • Customise the task workflow
      • Share as calendar
      • Customise the task workflow
      • Go further with planning
      • FAQ
    • Data subject right request
      • Manage data subject right requests
      • Set up a data subject right request widget
      • Technical integration
      • API integration
    • Manage data breach notifications
      • Report a data breach
      • Export your data breach notifications
    • Manage cookies consent
      • Widget configuration
        • Preliminary study
        • Cookies scanning
        • Classify cookies by consent categories
        • The purposes of cookies
        • Implement a cookie consent widget
        • Collect proof of cookie consent
        • Go further on cookie consent
        • In case of unavailability
      • Technical integration
        • Functioning of the widget
        • Quick start
          • Wordpress
        • Language management
        • Test the integration of a widget
        • Blocking cookies
          • Blocking iframes (twitter/youtube...)
          • Google Tag Manager
        • Advanced Design
        • Manage consent programmatically
        • User identification
        • Mobile applications
          • Hybrid applications
          • Native applications
        • TCF 1.1/2.0
      • RGAA compliance
      • Breakdown service
    • Regular review (freshness)
    • Custom Reporting
      • Integration with data analysis tools (BI)
    • AI Systems
      • Establishing a record of AI systems
      • Risk analysis and business value
      • Transparency notice
      • AI Models repository
    • Advanced configuration
      • SCIM
      • Roles and permissions
      • Single Sign On (SSO)
        • SAML 2
        • OpenId
        • ADFS
        • Active Directory
        • Okta
        • Known problems
      • References
      • API key management
      • Notifications
      • Workflow steps / process flow
      • Incoming mail data collection
      • OneDrive/Google Drive integrations
      • Webhooks
      • SMTP configuration
      • Workflow rules
      • Message templates
      • Email domains
  • PARTNERS
    • Portal
  • 📄API documentation
    • Configuration
    • Authentication
    • API References
    • Integrations
      • Frequently asked questions
  • 🛡️Security
    • Security at Dastra
    • Security roadmap
    • Quality of Service
  • Certifications
  • 🤖Other
    • FAQ
    • Known problems
    • Changelog
  • Referentials
    • CNIL referentials
      • HR referential from CNIL
Propulsé par GitBook
Sur cette page

Cet article vous a-t-il été utile ?

  1. Features
  2. Advanced configuration

Single Sign On (SSO)

This page details the implementation of SSO within Dastra

Dernière mise à jour il y a 1 an

Cet article vous a-t-il été utile ?

Working Principle Single

Sign-on (SSO), a method that allows a user to access multiple computer applications (or secure websites) by only undergoing a single authentication process, is often referred to by its English acronym, SSO (from single sign-on).

A company can use its own authentication system instead of the default local login provided by Dastra. Among the most used SSO systems, one can mention Microsoft Active Directory, Google Workspace (formerly GSuite), Auth0, etc.

The process works as follows:

A user (User Agent) will request a connection to the service provider (Service Provider) who will in turn solicit an identity provider (Identity Provider) to authenticate the user. This authentication is then sent back to the service provider who will accept the user's connection request.

In our case, the User Agent is a Dastra user's browser. The Service Provider is Dastra, and the Identity Provider is your preferred authentication provider (for example: Active Directory).

Implementation

Note: You must be the owner of the organization to access this page.

How to Enable Automatic User Provisioning?

If you want users from your identity provider not to need to create accounts to access the entity, you can check the box "automatic user provisioning." If you provide your users with an SSO provider URL like this one:

https://account.dastra.eu/account/loginexternal?provider={your provider id}&returnUrl=https://www.dastra.eu

=> in the case of validated authentication, they will automatically have an account created in Dastra and a notification mail will be sent to you a few hours later.

You can choose the default role assigned across all organizations associated with your subscription.

Team Binding

It is possible to bind teams of a workspace to a property (Claim) returned by your authentication servers.

How to Administer User Logins?

You can configure the type of user login by going to the user management page of the subscription. By visiting a user profile, it will be possible to choose the preferred SSO login.

From then on, the user who connects to Dastra with their email address will be automatically redirected to the login page of the authentication provider you have set up.

You can also define the type of login when inviting new users.

Within a Dastra subscription, you have the option, if you have subscribed to the feature, to manage one or several SSO logins. To access the SSO configuration, go to the in the security tab of the subscription account configuration panel.

Dastra offers two single sign-on authentication protocols, and . To access configuration assistance, click on the links below.

If the user's account is deleted or invalidated in the authentication provider, their account will not be erased in Dastra, but they will no longer be able to connect. You have the option to purge these accounts via the .

Currently, Dastra does not support binding roles through the properties of the authentication server. If this feature is important to you, you can report it to us via the .

⚙️
SSO login configuration page
SAML 2
OpenId
ADFS
user manager of the subscription
support page
SAML 2
Open ID