last week I came across an interesting post by Deepthi Katta in the Sitecore Slack channel of #content-hub. We talked about the possibility to use SSO without the need of creating accounts in the Content Hub, but allowing all users to login with the preconfigured rights.
My first thought that it would be strange to support SSO without differentiating between accounts. The whole point of the Content Hub is to support collaboration within the company and with external companies. And most of the time you don't want to expose the whole Content Hub to an external translation agency. But, after some more thought, it became clear to me that this is not the case for every company. Perhaps there are smaller companies that just don't need the whole complexity of different user groups and such. So could the Content Hub be configured to allow SSO and have everyone that logged in have the same accounts / rights? And how could we do this?
The good news, yes, it is possible to configure the Content Hub in this way. Deepthi reached out to Sitecore support and got the following answer on how to configure the authentication. You can change the following settings in Management Portal -> Settings -> PortalConfiguration -> Authentication.
Here is the clarity I received on support ticket.
- "AutoCreateUsers" to true
- "EnableCredentialless" to true
- "DefaultUserGroups" to an array of the usergroups you want users to have by default
The behaviour you should expect:
- If the user does not have an email in content hub, it will be logged in without an account and use the "DefaultUserGroups" *
- If the user does have an email in content hub, it will be linked to the account associated with that email (edited)
So there we have it. Want to know more about the authentication configuration. Check out the links to the documentation. https://docs.stylelabs.com/content/3.4.x/user-documentation/administration/security/authentication/configuration.html
Until next time!
* Retification
For every user that logs in through SSO, an account will always be created by default within Content Hub.