/build/static/layout/Breadcrumb_cap_w.png
09/25/2018 643 views
We've been using KACE for almost four years, but we're only now thinking of implementing SSO.  What are your experiences with SSO, bad or good?

We had initially decided not to use SSO because we have a large mobile userbase, and wanted users to have the same experience getting to KACE inside the office, as they would outside the office.  

Right now, logging into KACE takes 10-20 seconds (I don't know if that's to be expected for KACE aaS or unusual.  I tried pointing KACE to multiple DCs, but they were all about the same), which I think is a deterrent to users logging in and actually accessing the ticket queues and KB, etc. We have self-help resources that I know users access, so if we moved them into the KB, I wonder what the user's experience would be.

Thoughts:
Ease of configuring?  Our users are in two OUs in one AD domain, soon to be one OU.  I already import users through LDAP, and they can log in with AD credentials, so I would think it should work without much more work. (I know there are potential browser settings to configure.)
Reliability?  What might cause SSO to fail?  If it fails, will it revert to the sign in page?
Does it take 10-20 seconds to log them in the first time, then allow them back in quickly as long as the session hasn't timed out?
If the computer is off the network, but KACE can talk to a DC, will it allow them in using SSO, or make them enter their username and password?
Pre-Windows 2000 user logon names are set to lastnamefirstinitial (ex. SmithJ) while "modern" user logon names (email) are firstname.lastname (ex John.Smith).  Right now, users can log onto KACE with their legacy username, but not email.  If they log into their computer with their email, will this cause an issue with SSO?

I've read through the documentation, several threads on the subject here, and KB articles from Quest, so I'm more interested in personal experiences.

Edited title to better reflect the question.
1 Comment   [ + ] Show comment

Comments

  • Is SSO auth even an option? I was under the impression that KACE has to use LDAP and that's the only option other than local auth. Let us know if you've learned anything else.

There are no answers at this time