Page tree
Skip to end of metadata
Go to start of metadata

This guide will show you how to integrate Kiuwan into an SSO-SAML local authentication environment.  




Kiuwan can be integrated with a Local Authentication system.

This is a common scenario in organizations that validate their employees' credentials against their authentication system, and do not want them to use other credentials when accessing external services. 

If your company uses a corporate authentication service, your users and passwords will most probably be stored in Active Directory, OpenLDAP, IBM Tivoli or any other similar system.

If that is your case, it’s not needed to have different credentials for your Kiuwan account, you can use existing ones.


By integrating Kiuwan with your Local Auth service, you will make Kiuwan authentication to delegate on your system, avoiding the need to use/maintain additional credentials.


Since April 2019 release, Kiuwan allows you to log in to a SAML Single Sign-One (SSO) environment.

By implementing SSO, a user can log in to different independent systems through the use of a single set of credentials, centrally managed in a repository


Local Authentication scenarios

Depending on your infrastructure, there are at least two possible scenarios:

  1. Centralized Authentication

    1. Do you need to login to every system in your organization using the same user/password? Are you tired to type the same credentials to access different systems? This is a clue that your organization maintains a centralized authentication system (i.e. your organization is keeping your credentials in a unique system) that is used by the different systems.

  2. Single Sign-On (SSO)

    1. Do you only need to authenticate once and you can access the different systems? That is evidence that your systems are internally using an authentication system that is shared by the different applications, making unneeded to type your credentials when you access those systems. This is what is called a Single Sign-On environment.

If you want to avoid using/maintaining Kiuwan credentials, ask you first which of the above models apply to your organization, and don’t care, Kiuwan supports both !!


There are two different mechanisms to make Kiuwan work in an SSO environment.

  1. If your organization is using a centralized credentials repository that does not support SAML (the most widely adopted SSO standard), you can configure Kiuwan to use it as described in section DelegatedAuthenticationSingleSign-On 

  2. Instead, if your organization is using a SAML-compliant repository (e.g. Active Directory FS, Azure AD, CA Single Sign-On, etc), you can configure Kiuwan to use SAML (as described in section SingleSign-on(SSO)withSAML2.0)



  • No labels