How it works
This method allows the Browser Extension to identify the user without going through SSO via SAML at all. Authentication of Userlane end users should happen silently, without showing any UI and without requiring any interaction from the user, so we also offer this additional means of authentication.
We can authenticate the user through configuration fields in the Browser Extension Policies.
These policies can be provided in a tamper-proof manner by IT admins on behalf of the users (e.g. in a registry key).
MDMs typically support the provisioning of scripts that can automatically generate values depending on the user.
The enhancement of the user profile can be done in the same way, or separately via a CSV upload, REST API, or LDAP integration.
Browser policy config:
- companyId - same for every user
- companyIntegrity token - same for every user
- authToken - same for every user
- userId - different for every user
- userAttributes - optional - different for every user
Configure Browser to install the Userlane Extension and provide configuration
How exactly these config fields are passed to the Browser depends on the specific setup of the customer's IT, so Userlane cannot explain it step by step. Each browser needs to be set up separately. The next pages contain an abstract manual for how it would be done with Windows Registry Keys using .reg files and PowerShell scripts, which can typically be provisioned through any MDM.
To roll out Userlane seamlessly, we need to configure the Browser to install the Userlane Extension through the options provided by the respective browser.
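The following PowerShell sketch is an added example, not a script from Userlane. It writes the policy fields listed above for Google Chrome and then checks that standard users cannot modify them. Assumptions: the registry value names match the field names in the list, `$ExtensionId` is a placeholder for the extension's ID in the browser, the script runs elevated (e.g. as SYSTEM from the MDM) on a single-user device, and `userId` is derived from the signed-in account name. `userAttributes` is left out because its format is not described here.

```powershell
# Added example (not Userlane's script). Run elevated, e.g. as SYSTEM from the MDM.
param(
    [Parameter(Mandatory)] [string] $ExtensionId,       # placeholder: the extension's ID in Chrome
    [Parameter(Mandatory)] [string] $CompanyId,
    [Parameter(Mandatory)] [string] $CompanyIntegrity,
    [Parameter(Mandatory)] [string] $AuthToken
)
$ErrorActionPreference = 'Stop'

# Assumption: one interactive user per device; userId is that user's account name.
$console = (Get-CimInstance Win32_ComputerSystem).UserName   # DOMAIN\user
if (-not $console) { throw 'No interactive user is signed in; retry at next sign-in.' }
$userId = $console.Split('\')[-1]

# Chrome reads an extension's managed policy values from this key.
$key = "HKLM:\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\$ExtensionId\policy"
if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

$values = [ordered]@{
    companyId        = $CompanyId
    companyIntegrity = $CompanyIntegrity   # value name assumed from the field list
    authToken        = $AuthToken
    userId           = $userId
}
foreach ($name in $values.Keys) {
    New-ItemProperty -Path $key -Name $name -Value $values[$name] `
        -PropertyType String -Force | Out-Null
}

# Tamper check: only SYSTEM, Administrators and CREATOR OWNER may hold write rights.
$trusted = 'S-1-5-18', 'S-1-5-32-544', 'S-1-3-0'
$rights  = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
$write   = [int]$rights -bor 0x10000000 -bor 0x40000000    # plus GENERIC_ALL / GENERIC_WRITE
$sidType = [System.Security.Principal.SecurityIdentifier]

$bad = (Get-Acl -Path $key).GetAccessRules($true, $true, $sidType) | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    ([int]$_.RegistryRights -band $write) -and
    $_.IdentityReference.Value -notin $trusted
}
if ($bad) {
    $bad | ForEach-Object { Write-Warning "$($_.IdentityReference) can modify $key" }
    exit 1    # let the MDM report the device as non-compliant
}
```

Because `authToken` and the company fields are identical for every user, the ACL check is what keeps a user from swapping in another `userId`; read access to the key remains open to local users by default.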
What is the difference to SAML SSO?
The SSO flow using SAML is invoked automatically by the Browser Extension.
The SAML flow is great for applications users log in to intentionally, because they can work with a UI that prompts the user to choose their IDP, or enter their password if needed.
Limitation: Because the flow happens automatically, it should be done silently in the background, without any user interaction. Sometimes, that poses challenges with the configuration of IDPs that require a user interaction on SAML flows.
Browser policy config:
- companyId - same for every user
- companyIntegrity token - same for every user