Authentication Options

In this mode, the Windows credentials of the current user are automatically passed to the Kyubit application. This is ideal for internal corporate environments where users are already logged into the domain.

Technical Note: If the Kyubit web server and SSAS reporting tools reside on different servers, Kerberos delegation must be configured to allow credential "hopping."

• Seamless Single Sign-On (SSO) experience.
• Leverages existing Active Directory security groups.
• Requires all users to have a Windows Domain account.

Users are prompted with a web-based login form to enter their Windows credentials. This is highly recommended for environments using HTTPS and provides better support for mobile devices and external access.

• Explicit Log-out/Log-in functionality.
• Bypasses complex Kerberos requirements in distributed environments.
• Users still require a valid Windows account to log in.

This mode allows the Kyubit Administrator to create and manage users directly within the application database. This is the preferred method for multitenant BI deployments or scenarios where external clients should not have access to your Windows Domain.

Data Access: Since OLAP reporting often requires a Windows account, each Kyubit user can be mapped to a specific Windows identity for data retrieval, or fallback to the Application Pool identity.

• No need to create Windows accounts for external stakeholders.
• Full control over permissions and group management in-app.
• Requires manual user creation by the BI Administrator.