We plan to activate SSO authentication and SAML user management.
Unfortunately, after enable this feature, we will not be able to create manually operator with badge access authentication.
For some use case, with shared PC/ station for example, SSO authentication is not possible, operator is authenticated with badge.
At platform level, we would like to manage user with SSO authentication and without SSO.
Is it plan to implement this feature?
1 Like
Hi Nicolas-
Welcome to Community! There is a way to configure Tulip so that badge access will still work with SSO. If you are working with the Tulip Customer Team they will be able to help, if not I recommend filing a support request when you are ready.
Hi Pete
Thanks for your quick reply.
I have see on Tulip Resource that when I enable the SAML it is possible to keep some operator with badge access by contacting my Customer Team.
That fine for existing operator, however when I will activate SAML, buttom āCreate Userā disappear, how I will create new operator with badge access?
Nicolas
Hi Nicolas,
I wanted to quickly summarize the final result of this discussion: When you enable SAML on your instance, the only decision you can take is whether all your operators are logging in via badge ID or all are login in via SAML. Unfortunately, we currently donāt support an individual login decision for each operator.
Kind Regards,
Anja
Hello Tulip
I come back to this topics, that I regularly escalate to Tulip on different meeting with customer success or product team. We have more and more use case and pilote that point this as a nogo and request feature for adoption of Tulip.
The feature need is: as an operator on Tulip player I would like to be able to be authenticate with SSO or badge ID/pwd . This feature is quite usual for most of application/platform on the web today, on the loging screen 2 ways to authenticate: User/Pwd and SSO.
Today in Tulip platform, this authentication method (badgeID or SSO) is setup at platform level for all operator, it is an on/off option.
This is an issue for us because the reality of the deploying Tulip on our shopfloor, we have 2 use case that must run in //:
1/ Tulip is running on shared station/laptop/windows session where SSO is not possible to implement : badgeID authentification method
2/ Tulip is running for one operator on his own laptop/windows session. SSO authentification would be the authentification method because it is more secure, it is base on our AD for user provisionning, user donāt need to enter anything (it is must faster)
Today the use case 2 have a lot value for our company but it couldnāt be implement.
Thanks
2 Likes
Hello Nicolas,
We at Tulip for the past months have been actively developing a new technical architecture to manage accounts that will allow for much more flexible authentication options. One of the reasons that work began was specifically due to your use-case of supporting multiple login methods at a site. This new foundation will also allow us to in the future build support for custom password validation, greater control over user registration, and use one account across all of Tulip (Tulip Community, Tulip University, the instance, etc.)
We have been planning and building this technical foundation ever since your initial request, and will continue to track this use-case closely.
Thanks
3 Likes
Deeply needed feature for us.
2 Likes
Thanks Viktor for this very good news. Did you have an draft estimate on when it will be available?
2 Likes
Essential function to move forward in our usecase
1 Like
Hello Nicolas, and welcome to Community Willian and Ayoub!
We have an internal goal to complete developing, testing, and releasing the new technical architecture to manage accounts early next quarter. I unfortunately donāt have a draft estimate today for āmultiple login methods at a siteā given that this team is considering other initiatives for inclusion into this year. Specifically, enabling customers to create Custom User Roles, enabling customers to add users to User Groups, and others.
Maybe an interesting use case for authentification. We think about deploy Tulip apps in our suppliers/subcontractors workshop to collect critical data. All our suppliers are connected to SAP Ariba Supply Chain. Ariba provide a feature call Ā« Applications Gateway Ā» that provide authentification and provisioning for third party apps (already use in my compagny). If we think about create dedicated workspace for suppliers, it will be great to have different SSO options depending on workspace, or domain nameā¦ hope itās clear feel free to contact us if you want more details
1 Like
click the āVoteā button on this thread to add your +1 to see this feature prioritized.
Where are you thinking workspace or domain specific SSO is handled? In SAP itself? Trying to narrow down what other namespaces Tulipās own user account management will need to interact with.
More detail here about SAP Ariba Application Gateway SAP Help Portal In this case SAP Ariba will be the identity provider.
If you want more details we can organize a meeting where we can explain in detail how it works. As an example, we use this technology with the https://www.colabsoftware.com/ platform to allow suppliers not to have to manage additional passwords. Tulip could follow the same path?
Awesome, thanks. We should discuss in the User Advisory Council if youāre comfortable with sharing this there; otherwise Iāll set something up with us and a few of my colleagues.
Hi, maybe we can organize a call about this topic. Give access to Tulip apps to our supplier ecosystem is a hot topic!