Using multiple RSpace accounts with the same SSO identity

This document explains how a single SSO identity can have more than one account on RSpace. This use-case is designed for RSpace administrators who also want to use RSpace ELN as a regular user.

If you act as both a user or PI in RSpace, AND you are ALSO a Sysadmin or Community admin, be sure that you use the appropriate account when you need to perform tasks related to those different roles.

Do not add production data when logged in as a Sysadmin, or Community Admin, do not add Admins to any LabGroups, and do not try to use Sysadmin account to fill the PI or standard user role.

Before starting

  1. You'll need a working, installed RSpace 1.69.36 or newer.
  2. Follow Setting up SingleSignOn authentication guide so you know how regular user accounts and admin accounts can be created and managed using SSO.

Use the flowchart below to determine whether this document applies to you. If you get to the final, pink, box, then please keep reading....

If at all possible, it's better to use two separate SSO identities. This will help separate the two roles of researcher and adminstrator. The instructions below are for when this is not possible (for example, if your Identity Provider will not grant extra identities to the same individual person).

Setting up dual admin/user accounts

Let's start with an example. Alice Smith is a researcher who also manages an RSpace installation. She wants to have both an RSpace sysadmin account and a regular RSpace user account. She has university Id asmithand cannot get another one.

Steps

1. Sign up to RSpace for a user account using your SSO username (e.g. asmith ). This will be the default account; whenever you log into RSpace you will go to this regular user account.

2. Ask an existing sysadmin user to create a backdoor sysadmin account, with a different username and email, e.g. asmith-admin. You will subsequently be able to perform a separate admin login from within RSpace to access this account and perform admin actions.

This 'dual account' system still requires the user to be logged into RSpace through SSO. For security reasons, it is not possible to have a completely independent admin account that is not linked to an SSO identity, that could 'bypass' the SSO authentication system.

Please see Setting up SingleSignOn authentication for details of getting started with an initial sysadmin account to bootstrap the system.

Using the dual login system as admin user.

Let's start from the situation that you are entirely logged out of SSO and RSpace, and you want to perform some admin actions.

  1. Login to RSpace via SSO, using your SSO credentials (e.g. asmith).
  2. Once in RSpace, navigate to the /adminLogin page. RSpace will internally log you out of the asmith account, but your SSO session will remain active.
    You must only have one RSpace browser tab opened at this point, i.e. close all other RSpace tabs before navigating to /adminLogin page.
  3. On Admin Login page, login as asmith-admin, using correct credentials.
  4. Perform your admin actions.
    Here you can open multiple RSpace browser tabs again.
  5. When you're finished, logout. You will be logged out of RSpace and the enclosing SSO session will be ended.

Using the dual login system as a regular user.

Just authenticate to RSpace using your SSO credentials (e.g. asmith) and use RSpace as normal. This is just the regular workflow used by RSpace users.


How did we do?


Powered by HelpDocs (opens in a new tab)

Powered by HelpDocs (opens in a new tab)