07.11.2024

Single sign-on in practice: How SSO via Azure AD and Shibboleth makes everyday life easier

Single sign-on makes access to Zeitwart even easier - thanks to the integration of Azure AD, Shibboleth & Co. and automatic role assignment.

Daily access to different IT systems is an integral part of modern work processes - and for many users, it is associated with a hodgepodge of passwords. Single sign-on (SSO) makes this much easier: one login, many systems, maximum security. In this article, we show you how Zeitwart flexibly supports SSO, the benefits this brings for organisations - and how you can even implement automated role assignments with just a few clicks.

What is Single Sign-On (SSO)?

SSO allows users to authenticate themselves once centrally - for example with their Microsoft account - and then access all integrated systems without having to log in again. This eliminates the need for multiple logins, reduces the burden on IT and increases security.

SSO in Zeitwart: More than just login

Zeitwart supports a large number of identity providers - in parallel. Whether Azure Active Directory, Shibboleth, local accounts or library systems such as WinBIAP: any number of identity providers can be integrated, for example for different locations, departments or user groups. Each organisational unit can therefore work with the authentication method that suits it best - without changing the user environment.

Supported authentication options:

- Azure AD (OAuth2) - ideal for companies with Microsoft 365

- Shibboleth (SAML2) - e.g. for universities, schools or libraries

- WinBIAP & other library systems

- Local user accounts - for particularly flexible or independent setups

Workflows: Automated role assignment made easy

SSO in Zeitwart is particularly powerful when combined with user-defined workflows. These enable the automatic assignment of roles based on any attributes - e.g. email address or affiliation to an organisational unit.

Examples of automated role assignment:

- Email addresses with the pattern @schule-xyz.de are automatically assigned to the "Teacher" role.

- Users with domain components such as @student.universität.de are automatically assigned the role "Student".

- A separate identity provider can be used for external service providers, whose users are registered as "guest" by default.

These automated rules save an enormous amount of time in user administration and ensure that everyone receives exactly the authorisations they need - no more and no less.
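
The three rules above can be written as an exact-match lookup on the e-mail domain that first checks which identity provider asserted the user. This is an added example, not Zeitwart's workflow engine; the IdP identifiers (`azure-ad`, `shibboleth`, `external-idp`) and the function names are assumptions.

```python
from typing import Optional

# Rule table mirroring the article's examples (hypothetical structure).
DOMAIN_ROLES = {
    "schule-xyz.de": "Teacher",
    "student.universität.de": "Student",
}
# Hypothetical IdP identifier: everyone arriving through it gets a fixed role,
# whatever e-mail address that IdP asserts.
IDP_FIXED_ROLES = {"external-idp": "guest"}


def canonical_domain(domain: str) -> Optional[str]:
    """Lower-case the domain and convert IDN labels to ASCII (punycode)."""
    try:
        return domain.strip().rstrip(".").lower().encode("idna").decode("ascii")
    except UnicodeError:  # empty or over-long label, invalid characters
        return None


# Canonicalise the rule keys once so both spellings of an IDN domain match.
_RULES = {canonical_domain(d): role for d, role in DOMAIN_ROLES.items()}


def assign_role(idp: str, email: str) -> Optional[str]:
    """Return the role for a login, or None if no rule applies."""
    if idp in IDP_FIXED_ROLES:
        return IDP_FIXED_ROLES[idp]
    local, at, domain = email.rpartition("@")
    if not at or not local:
        return None
    # Exact comparison of the whole domain: a suffix or substring test would
    # also match look-alike domains that merely contain the configured name.
    return _RULES.get(canonical_domain(domain))


if __name__ == "__main__":
    # Constructed sample logins, not real accounts.
    samples = [
        ("azure-ad", "a.lehrer@schule-xyz.de"),
        ("shibboleth", "s.muster@Student.Universität.DE"),
        ("external-idp", "contractor@schule-xyz.de"),
        ("azure-ad", "someone@neu-schule-xyz.de"),
    ]
    for idp, mail in samples:
        print(f"{idp:13} {mail:35} -> {assign_role(idp, mail)}")
```

A login that matches no rule returns `None`, so the caller has to decide explicitly what an unmatched user may do rather than inheriting a role by accident.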

Practical example: One login, many ways

A company with Microsoft 365 uses Azure AD as an identity provider. As soon as employees log in to their workplace, they are automatically authenticated with Zeitwart. They can book rooms, request services or manage appointments - all without a separate password. At the same time, their role is automatically assigned in the system, e.g. "employee" or "team leader". If their position or department changes, this is applied directly the next time they log in - without any manual intervention.

Advantages at a glance

- Central administration: No separate user accounts required in Zeitwart

- Automatic assignment of rights: roles are assigned dynamically based on attributes

- Parallel authentication: multiple identity providers can be used simultaneously

- Greater security: no redundant password storage, reduced attack surface

- Optimised user experience: a single login for all applications - including mobile or on displays

Setup & Support

The integration of identity providers into Zeitwart is straightforward and is actively supported by the Zeitwart team. Whether Azure AD, Shibboleth or WinBIAP - our experts will help you with configuration, connection and test operation.

Conclusion:

SSO with Zeitwart not only means more convenience, but also more control and security. The combination of flexible authentication, automated workflows and multi-client capability makes Zeitwart an ideal solution for organisations with complex structures - from small businesses to large educational institutions.

Zeitwart UG (haftungsbeschränkt)
Albert-Einstein-Straße 1
49076 Osnabrück
Telefon: +49 (0) 541 - 201 95 210