All versions of this manual
X
Welcome to Linkurious administration manual v2.10.18. Use the menu to access other documentations.
  1. Introduction
  2. FAQ
  3. Getting started
    1. Technical requirements
    2. Downloading
    3. Installing
    4. Starting Linkurious
    5. Stopping Linkurious
    6. Configure Linkurious
    7. Release notes
    8. Graph DB Feature Map
  4. Troubleshooting
    1. Checking Linkurious status
    2. Reading the logs
    3. Getting support
    4. Manage license
  5. Importing graph data
    1. Neo4j
    2. JanusGraph
    3. Cosmos db
  6. Updating Linkurious
    1. Checking for updates
    2. Backing up your data
    3. Update procedure
  7. Configuring data-sources
    1. Neo4j
    2. JanusGraph
    3. Cosmos DB
    4. Alternative IDs
    5. Merging data-sources
    6. Advanced settings
  8. Search index
    1. Search Option Comparison
    2. Neo4j
    3. Neo4j to Elasticsearch
    4. Azure search
    5. Configuring Elasticsearch
    6. Using Elasticsearch on AWS
    7. Incremental Indexing
  9. User-data store
    1. Migrating to an external database
    2. Backing-up your store
  10. Web server
  11. Authentication
    1. Getting started
    2. LDAP / Active Directory
    3. SSO with Azure AD
    4. SSO with Google
    5. SSO with OpenID Connect
    6. SSO with SAML2 / ADFS
    7. Configuration
  12. Access control
    1. Managing users
    2. Managing groups
    3. Standard access-rights
    4. Property-key access-rights
  13. Guest mode
    1. Guest mode
  14. Data Schema
    1. Property types
    2. Hiding data
    3. Strict mode
  15. Alerts
    1. Configuration
  16. Visualizations appearance
    1. Default styles
    2. Default captions
    3. Geographic tiles
  17. Audit trail
    1. Log format
  18. Plugins
 

Authentication: Configuration

The authentication is configured within the access configuration key in the configuration file (linkurious/data/config/production.json):

  • authRequired (default: false): Whether to require authentication, see how to enable authentication.

  • guestMode (default: false): Enable the guest mode.

  • loginTimeout (default: Infinity): Seconds of inactivity after which a user is logged out.

  • dataEdition (default: true): Enable the creation, edition, and deletion of nodes and edges in all data-sources. Permissions can be fine-tuned for each group, see the documentation about users and groups. If set to false, all edition requests sent through Linkurious Enterprise to the data-sources will be rejected.

  • widget (default: true): Enable to publish visualizations online. Published visualizations are always accessible by anonymous users.

  • externalUsersGroupMapping (optional): How to map external groups to Linkurious Enterprise groups (see how to configure group mapping).

  • externalUsersAllowedGroups (optional): List of external groups of users allowed to log in into Linkurious Enterprise.

  • externalUserDefaultGroupId (optional): Default group id automatically set for new external users when no other rule is set in externalUsersGroupMapping. This configuration setting should not be used when autoRefreshGroupMapping is true, otherwise it may result in users with no groups to have no access to the data-source.

  • autoRefreshGroupMapping (default: false): If true, when an external user logs in, their groups are reset according to externalUsersGroupMapping and are also not allowed to be updated.

  • ldap (optional): The connection to the LDAP service (see how to configure LDAP).

  • msActiveDirectory (optional): The connection to the Microsoft Active Directory service (see how to configure Active Directory).

  • oauth2 (optional): The connection to an OAuth2/OpenID Connect identity provider (see how to configure Azure AD, Google or a generic OpenID Connect provider).

  • saml2 (optional): The connection to a SAML2 identity provider (see how to configure SAML2 / ADFS).

  • floatingLicenses (default: Infinity): The maximum number of users that can connect to Linkurious Enterprise at the same time.

  • autoRefreshGroupMapping (default: false): If set to true access rights for an external user will be refreshed at every login

Local vs. external authentication

To access Linkurious Enterprise when authRequired is true, users need accounts in Linkurious Enterprise. Administrators can create accounts directly in Linkurious Enterprise (see how to create users) or rely on an external authentication service.

Linkurious Enterprise supports the following external authentication services:

If your company uses an authentication service that Linkurious Enterprise does not support yet, please get in touch.

If you enable an SSO capable authentication service (OAuth/OpenID Connect or SAML2), your users won't need to login directly in Linkurious Enterprise but, instead, by clicking the SSO button they will be redirected to the identity provider for authentication.