For self-managed customers only, LILT supports Single Sign-On (SSO), allowing users to sign in to LILT using an identity provider other than LILT. Organizations can utilize SSO to simplify account management and reduce password fatigue.
Currently, a user account must pre-exist in the LILT system before SSO can be used to authenticate the user.
LILT customers can sign in via their Google account.
After being invited to join LILT by someone in your organization, you can create an account using Google Sign-On.
Users with existing LILT accounts that use traditional username/password sign-in can access their accounts and all their data using Google Sign-On with an email address that matches their existing account. Users may use both sign-in methods interchangeably.
LILT Platform users can sign in through their organization’s SSO once it has been configured via OpenID Connect (OIDC).
OpenID Connect is an interoperable authentication protocol based on the OAuth 2.0 framework of specifications (IETF RFC 6749 and 6750). It lets a client verify the identity of users based on the authentication performed by an Authorization Server, and obtain user profile information in an interoperable and REST-like manner. OIDC can be leveraged through many identity providers such as Amazon, Microsoft, Okta, etc.
LILT must be registered as a client with your OpenID Connect (OIDC) provider before installation. Client key, secret, and configuration parameters need to be configured during installation. Those parameters will be set by your systems administrator under the front:config:SSO property in the Helm values file.
A LILT installation can support only one OIDC configuration at a time.
OpenID support has currently been tested with the following two signing algorithms: SHA256 and HS256.
Traffic between the integration and the OpenID provider is encrypted in transit via HTTPS, but the OpenID payload itself is not additionally encrypted.
After configuration, OIDC authentication can be used to authenticate existing LILT accounts and their data.
To create new user accounts, users must first be invited by email using the “New member” screen in the LILT Organizations tab. After being invited, new users can sign in using the SSO button on the sign-in page.
NOTE: Automated user provisioning and de-provisioning are not supported in LILT.