OneStream IdentityServer is a single sign-on (SSO) service available for applications hosted in the OneStream Azure Cloud environment. OneStream IdentityServer supports multiple, concurrent OpenID Connect (OIDC) and SAML 2.0 protocol compliant external identity providers (IdPs) and native authentication, so you have more choice and flexibility implementing SSO.
The Cloud Operations team manages OneStream IdentityServer configuration properties in the IdentityServer database. Once an environment is enabled for OneStream IdentityServer:
-
Native accounts are authenticated by OneStream IdentityServer.
-
External provider user accounts are passed by OneStream IdentityServer to the configured IdP for authentication.
-
You can generate and manage personal access tokens in the Identity & Access Management Portal to use in REST API calls. See Personal Access Tokens.
-
You can add and manage identity providers in the Identity & Access Management Portal. See Identity Providers.
Users are defined in System Security, but their login flows vary depending on their configured authentication. See Login Flows.
When implemented, OneStream IdentityServer governs authentication in the Windows Client application, the Excel Add-In, and BrowserUX.
Watch an overview of identity and access management (3:54).