Drupal Single-Sign-On

Problem

Spire Energy maintains an employee-only Drupal site. This acts as a central hub to communicate with all employees.

Spire needed a way to restrict access to employees only while keeping the site on a public domain, outside of their network and not behind their firewalls and VPNs. Because this information is employee-only, a single username and password shared among all employees would not be acceptable: Spire needed tighter control over who can view the information at any given time.

Solution

Our solution was to use Drupal’s native user module and tie it to Spire’s authentication system.

We used the Require Login Drupal module to require that all users are logged in to view content. The SimpleSAMLphp Auth Drupal module then connects the site to Spire’s SAML identity provider (IdP) and creates a new Drupal user on the first successful login.

Each subsequent authentication requests the user’s status from Spire’s authentication system and updates permissions accordingly, ensuring that Spire can dictate who has access to the Champions site at any time.

Result

The client is able to restrict access to the website to current employees only. The communications team at Spire is able to use Drupal to create, revise, and publish communications to all Spire employees in one central location.