Viewpoint relies on an Identity Provider (IdP) to enable SSO support through JWT-based authentication. Vantage uses Ping Federate as its Identity Provider (Vantage IdP), and Viewpoint supports only this IdP. If Viewpoint integration with SSO is enabled, the Vantage IdP authenticates Viewpoint users. In this case, the Viewpoint logon UI does not appear, and the user is directed to the Vantage IdP logon UI for authentication.
Vantage IdP also supports integrating a customer's own IdP, called BYOIdP (Bring Your Own Identity Provider).
Accessing Viewpoint
Log on to Viewpoint as a Vantage IdP or BYOIdP user. If you are logging on to Viewpoint for the first time, you get the User role. If your role claim set value in Vantage is TD-Customer-Admin, you get the VP_User_Manager role.
New Customers
As a new Vantage IdP or BYOIdP user, when you log on to Viewpoint for the first time, you automatically become a Viewpoint user. Role assignment remains the same.
Existing Viewpoint Customers Using the Vantage IdP
For existing Viewpoint users to access Viewpoint through the Vantage IdP, you need to create new users in the Vantage IdP with the same usernames. The Viewpoint roles assigned to these users continue to work as before.
Existing Viewpoint Customers Using the BYOIdP
If the existing Viewpoint username matches the IdP username, then the Viewpoint roles assigned to these users continue to work as before.
Viewpoint maps the teradata_username claim value from the JWT to the Viewpoint portal username. If the value does not exist, then the subject name of the claim becomes the username. For existing customers, the teradata_username claim value coming from the Vantage IdP matches the Viewpoint portal username. If the value does not match, Viewpoint considers the user a new user and assigns a default role.
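An added example (not Teradata code) that applies the mapping above to a planned cutover: it lists which IdP identities keep their existing Viewpoint roles, which would arrive as new users, and which existing accounts nothing maps to. The `role` claim key, exact case-sensitive matching, and all sample usernames and role names are assumptions; tokens are assumed to be already verified.

```python
# Added example: models the mapping described on this page; not Teradata code.
ROLE_CLAIM = "role"  # assumption: the page does not name the role claim key


def resolve_username(claims):
    """Use teradata_username if present, otherwise the JWT subject (sub)."""
    return claims.get("teradata_username") or claims.get("sub")


def first_logon_role(claims):
    """Role given to a user Viewpoint has not seen before."""
    value = claims.get(ROLE_CLAIM) or []
    values = [value] if isinstance(value, str) else list(value)
    return "VP_User_Manager" if "TD-Customer-Admin" in values else "User"


def plan_cutover(existing_roles, idp_claims):
    """Report who keeps roles, who arrives as new, and who is left unmapped.

    existing_roles maps Viewpoint usernames to role lists. Exact,
    case-sensitive comparison is an assumption of this example.
    """
    keeps, new, seen = {}, {}, set()
    for claims in idp_claims:
        user = resolve_username(claims)
        if not user:
            continue  # no usable identity in the token
        seen.add(user)
        if user in existing_roles:
            keeps[user] = existing_roles[user]
        else:
            new[user] = first_logon_role(claims)
    unmapped = sorted(set(existing_roles) - seen)
    return {"keeps_roles": keeps, "new_user": new, "unmapped": unmapped}


# Constructed sample data (usernames and existing role names are invented).
EXISTING = {"jsmith": ["DBA_Team"], "mlee": ["Ops"], "kpatel": ["DBA_Team"]}
CLAIMS = [
    {"sub": "a1b2", "teradata_username": "jsmith"},
    {"sub": "mlee"},  # no teradata_username: subject is used
    {"sub": "c3d4", "teradata_username": "K.Patel", "role": "TD-Customer-Admin"},
]

if __name__ == "__main__":
    for section, content in plan_cutover(EXISTING, CLAIMS).items():
        print(section, content)
```

In the sample, `K.Patel` does not match the existing `kpatel` account, so that identity is treated as new and the existing account's roles are left with no one mapped to them.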
Install a version of Viewpoint that supports Vantage IdP integration. Versions 16.50.05 and later support Vantage IdP integration.