Single Sign On Authentication Options

Security Note

Users in the System Administrator (-1) group can access these settings as well as any user with Admin: 16.0 Change Security Configurations set in Group Administration.

If you use a third-party single sign-on (SSO) scheme such as Shibboleth or LDAP with 25Live, users are automatically created in 25Live from your existing directory. You can use these settings to determine which group the new users belong to.

Select the Authentication Options choice in the menu at the top right:

Authentication Options menuImage: Authentication Options menu.

On this page you can set the following options:



Default group for new users

Any new user submitted to 25Live will be placed in the default security group you specify here unless the user is passed in with a valid security group that already exists in the Series25 database.

Behavior for existing users

Whenever any user authenticates who is not a new user or a system administrator, one of two things will happen:

  • Move the user from their current security group to any new group submitted with the user, as long as the security group already exists in the Series25 database.
  • Ignore any passed-in security group, so the user remains in their current 25Live security group.


Any existing user already in the 25Live System Administrators (-1) security group will never be moved from that group, regardless of the option selected here—even if a different, valid security group is passed in with that user.

Authentication Options for single sign-onImage: Authentication options for single sign-on.