User authentication and authorisation in Evatic Service Hub
In release 7.1.0 we have implemented a new way to sign in to ESH, using Auth0 as our identity provider. Auth0 centralises sign-in functionality and offers other benefits that we will explore going forward.
The scheduled jobs and other ESH functionality will work as before. You will still need a SQL user for running the jobs, and it must be added when installing and upgrading ESH. The benefit is that the user may not need to know the SQL credentials to sign in.
NB: You can only use one ESH installation (one URL) per database.
If you set up a new ESH with another URL on the same Evatic Database, signing in to the previous one will stop working.
Installing Evatic Service Hub
Installing ESH works as before: you need to fill in the server, name and credentials of the Evatic and ESH databases. The web site fields and URLs are also unchanged. See (url to install ESH...) for more information. The only change is that the installer will set up the connection with Auth0 automatically if it does not already exist.
Setting up ESH access in Evatic Admin Web
Users will need a user account and an associated email address in Evatic Admin Web (read more...).
Users also need permission to sign in to ESH. This permission is given at the role level in EAW (url to set permission on roles in EAW...).
How Auth0 works in ESH
There is a new sign-in page for ESH which will take you to the Auth0 login dialog. If you are not a valid user, you need to sign up with Auth0 using your email address. If you have a valid Auth0 user (say, with EAW or EMS), you can sign in to ESH with the same email and password.
Authentication (identifying who you are) will be done by Auth0. ESH will do the authorisation: it checks that this email address is registered to a user in EAW, and also verifies that the user's role has permission to use ESH.
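The split described above, with the authorisation step written out as an added example; this is not Evatic's code. The user and role data, the function name and the fail-closed handling of unverified or ambiguous email addresses are assumptions of the example. `email` and `email_verified` are standard OpenID Connect claims.

```python
from dataclasses import dataclass

# Constructed sample data standing in for EAW users and roles (hypothetical schema).
@dataclass(frozen=True)
class EawUser:
    user_id: int
    email: str
    role: str

USERS = [
    EawUser(1, "Anna@example.com", "ServiceAdmin"),
    EawUser(2, "ben@example.com", "Technician"),
    EawUser(3, "shared@example.com", "ServiceAdmin"),
    EawUser(4, "shared@example.com", "Technician"),
]
ROLES_WITH_ESH_ACCESS = {"ServiceAdmin"}


def authorise(claims: dict) -> tuple[bool, str]:
    """Decide ESH access from ID-token claims whose signature, issuer,
    audience and expiry were already validated by the OIDC library."""
    email = claims.get("email")
    if not isinstance(email, str) or not email.strip():
        return False, "no email claim"
    # Assumption of this example: self-signed-up addresses must be verified
    # before they are matched against EAW.
    if claims.get("email_verified") is not True:
        return False, "email not verified"
    wanted = email.strip().casefold()
    matches = [u for u in USERS if u.email.casefold() == wanted]
    if not matches:
        return False, "email not registered in EAW"
    if len(matches) > 1:
        # Ambiguous identity: fail closed rather than pick a user.
        return False, "email maps to several EAW users"
    if matches[0].role not in ROLES_WITH_ESH_ACCESS:
        return False, "role lacks ESH permission"
    return True, f"user {matches[0].user_id}"


if __name__ == "__main__":
    for c in (
        {"email": "anna@example.com", "email_verified": True},
        {"email": "anna@example.com", "email_verified": False},
        {"email": "ben@example.com", "email_verified": True},
    ):
        print(c["email"], authorise(c))
```

Logging the returned reason on every denial gives administrators a direct way to tell a missing EAW email address from a missing role permission.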
Inside the ESH application there is a new user profile button in the top right corner. The menu has logout functionality. After logout, you will be redirected to the sign-in page and cannot access ESH until you have signed in again.
When scheduled jobs run, they will use the SQL users from the selected connection for each integration, and not your signed-in user. So the user for signing in does not need to exist in the SQL Server logins.