needed updates. After validating the changes, you use SAS macros to load the
updates into the metadata repository.

Note: You cannot use these batch processes to manage passwords. Users can manage
their own passwords with the SAS Personal Login Manager.

The metadata identity information is used by the security model's credential management
and authorization features. For example, when a user logs on to SAS Data Integration
Studio, the metadata server wants to know who the user is so that it can determine which
libraries, stored processes, and jobs should be displayed in the desktop client. If a user
makes a request in SAS Data Integration Studio to run a job against an Oracle table, the
Oracle server wants to know who the user is so that it can determine whether the user
has access to the data in the table.

Single Sign-On in the SAS Intelligence Platform

Single Sign-On for SAS Desktop Applications

For desktop applications such as SAS Information Map Studio, SAS Enterprise Guide,
SAS Data Integration Studio, SAS OLAP Cube Studio, and SAS Management Console,
you can use the following single sign-on features:
• You can enable Integrated Windows authentication so that users will not receive a
logon prompt when they launch applications. Integrated Windows authentication is a
Microsoft technology that generates and validates Windows identity tokens. All
participating clients and servers must authenticate against the same Windows domain
(or against domains that trust one another).
• Users can also avoid the initial logon prompt by selecting the option to save their
credentials in a connection profile. (This option can be disabled on a site-wide basis.)

Single Sign-On for SAS Web Applications

You can enable Web authentication so that users will not receive a logon prompt when
they launch SAS Web applications such as SAS Web Report Studio and the SAS
Information Delivery Portal. In this configuration, SAS web applications use whatever
authentication scheme you have set up in your web environment. For example, if your
web environment is integrated with a third-party authentication provider, then the SAS
web applications participate in that scheme.

Single Sign-On for Data Servers and Processing Servers

Seamless access to SAS Stored Process Servers, SAS OLAP Servers, SAS Content
Servers, and SAS Pooled Workspace Servers is provided through SAS token
authentication. This mechanism causes participating SAS servers to accept users who are
connected to the metadata server. No individual external accounts are required, no user
passwords are stored in the metadata, and no reusable credentials are transmitted.
Seamless access to SAS Workspace Servers can be provided through SAS token
authentication, Integrated Windows authentication, or credential reuse. With credential
reuse, when a user provides credentials in the initial logon dialog box, the credentials are
added to the user's in-memory credential cache (user context) and then retrieved when
access to the workspace server is required.