What is single sign-on (SSO)?
Single sign-on (SSO) is an authentication method that allows you to access multiple independent software systems using a single set of credentials, such as a username and password. With SSO, it is not necessary to log in separately for each system, which simplifies the login process and increases user-friendliness.
How does single sign-on work in RFEM 6?
RFEM 6 uses single sign-on to simplify the licensing process. Currently, the Microsoft Azure Active Directory account is supported. The implementation of SSO in RFEM 6 is as follows:
- System account query: RFEM 6 asks Windows for the system account of the currently logged-in user.
- Silent token acquisition: RFEM 6 tries to obtain an access token for the user in the background and without user interaction.
- Interactive token acquisition (if required): If silent token acquisition fails, for example, because the user is not logged in or there is no valid session, RFEM 6 tries to acquire the access token interactively.
- Token validation: RFEM 6 validates the obtained access token against the Microsoft Graph API endpoint at https://graph.microsoft.com. This step ensures that the token is issued by Microsoft and is valid.
- Sending the token to the Dlubal license server: After successful validation, RFEM 6 sends the access token to the Dlubal license server.
- User data retrieval and license check: The Dlubal license server also contacts https://graph.microsoft.com to retrieve the email address associated with the access token. Based on this email address, the license server determines the associated company and checks if a valid license for RFEM 6 is available.
What are the advantages of single sign-on in RFEM 6?
- Simplified login process: You do not have to log in every time you start RFEM 6 if you are already logged in to Windows.
- Increased user-friendliness: Fewer passwords to remember and faster access to the software.
- Improved security: SSO can improve security by centralizing password management and reducing the risk of weak or reused passwords.
What are the requirements for using SSO in RFEM 6?
- Company account: Your company should have an account that is compatible with single sign-on (for example, a Microsoft Azure Active Directory account).
- RFEM 6 license: A valid RFEM 6 license must be assigned to your company account.
- Internet connection: An active Internet connection is required for authentication and license verification.
Do I need a permanent Internet connection to use RFEM 6 with SSO?
No, RFEM 6 does not require a permanent Internet connection for ongoing use after the license has been successfully activated via SSO. An Internet connection is mainly required for the license check when starting RFEM 6. RFEM 6 may perform a new license check at regular intervals in the background to ensure the validity of the license.
SSO and RWIND
Currently, SSO is not supported by RWIND. This also applies to RFEM internal RWIND calculations.
Problems and Solutions
| Login with Microsoft fails | Missing administrator consent, Azure permission missing | The administrator must allow consent in the Azure portal. |
| No license available despite successful login | Email address not stored in the license server or incorrect, no license available | Check the email in the license system. Provide a free license or create a user in the license system. |
| Token is rejected | Token expired, manipulated, or certificate problems | Log in again, clear the browser cache. Check certificates or contact Microsoft Support if the problem persists. |
| Multi-factor authentication (MFA) is not requested | MFA is not enabled in the Microsoft account or is not enforced for users | Check and enable MFA policies in Azure AD by the administrator. |