LoginHub
Flow and Configuration Overview

Overview

This document describes the login flow (some steps are optional) for a user signing in to Accruent and Maintenance Connection Canada's Maintenance Connection family of products:

  • MRO (The full blown desktop software that made Maintenance Connection famous.)
  • MCxLE/MCe (The online and offline cell phone and tablet friendly product family.)
  • MC Express (The online only cell phone optimized product)
  • DataHub
  • MC Reporting
  • MC Technician (MRO interface, but restricted to Technician features)
  • Service Requester

Flow

Option 1: using Direct URL

  1. The user accesses a 'direct URL' for logging in. The user selects the link (from favorites, a saved link on the desktop, etc.) that will take them directly to Step 4 in Option 3.
  2. This can be a URL that passes extra information such as "go to this asset".
  • In this case the application (MCe, for example) is 'called' with the extra information. It takes the user directly to step 4 and then, in step 11, redirects them to the specific desired location.
  • Note (2020): MC Express has a bug where it does not correctly save and restore state after the login provider does the login.

Option 2: Using the LoginHub API

  1. The user accesses one or more links or pages, then is directed to Step 4 in Option 3.

Option 3: Using LoginHub Login Page

  1. The user accesses the LoginHub Login Page (see footnote 1)
  2. The user selects Login Provider (OIDC, SAML… etc.)
  • OIDC configuration settings
    • Client ID
    • Client Secret
    • Authority (URL)
    • Numerous optional fields
  • SAML Configuration Settings
    • Entity ID
    • Single Sign On Service URL
    • Metadata Location URL
    • Certificate
    • Binding
    • Numerous Optional Fields
  • Active Directory
  • Azure AD (Similar in name to Active Directory)
  • Okta
  • More than 20 others under active development or design, planning to ship in 2019 and 2020. Priority will be given to those that specific customers would like to have.
  3. Redirect to the requested SSO Login Provider
  4. SSO Provider takes over.
  • If the user is logged in, in most cases they will be immediately returned
  • If the user is not logged in, they will go through the SSO login procedures
  5. Login Provider Redirects to LoginHub (including details about the user)
  • If they were logged in with their SSO provider, in many cases the user experience will be that they selected the SSO provider, and they were sent 'here' immediately.
  6. LoginHub Decrypts Login Details the SSO provider gave it
  • Claims that could be sent:
    • id = Username (Required)
    • role = Group (can be multiple, but there are browser problems if a person has more than 2) (Required)
    • email = User Email (Required)
    • givenName = First Name (Required, unless name has two words)
    • surname = Last Name (Required, unless name has two words)
    • name = Full Name (Optional, unless first/last name not present)
    • middleName = Middle Name (Optional)
    • initials = User Initials (Optional)
    • language = User Language (Optional - English assumed)
    • homePhone = User Home Phone (Optional)
    • workPhone = User Work Phone (Optional)
    • mobilePhone = User Mobile Phone (Optional)
    • pager = User Pager (Optional)
    • fax = User Fax (Optional)
    • repairCenterID = User Repair Center ID (Optional, inferred from Access Group UDF Char 1 OR Default Repair Center)
    • craftID = User Craft ID (Optional, configurable default)
  7. LoginHub Creates User or Finds Already Existing User
  • This typically takes a tiny fraction of a second
  8. LoginHub Updates User Details to Match the details passed from the Login Provider (ensures users remain correct to their directory configuration)
  • This typically takes a tiny fraction of a second
  • This is highly customizable
  9. LoginHub Presents Database Selection (Optional)
  • When the user has access to more than one database, they will be presented with a screen to pick which database they want.
  • This is an uncommon option. Most users only have access to one database.
  10. LoginHub Offers Application Selection (Optional)
  • When the user has access to more than one application, they will be presented with a screen to pick which application they currently want. The list is not exhaustive, but the 3 most common will be:
    • MRO (the full-blown desktop web app)
    • MCe/MCxLE (the offline/online mobile/tablet optimized web app)
    • MC Express (the online only cell phone optimized web app)
  11. LoginHub Redirects Into Selected Application and Database
  12. Logout:
  • Different products act differently on logout, based on what is 'logical' to those products.
    • MRO, for example, returns to the LoginHub login page in step 1 above.
    • MCe/MCxLE, being an 'offline' product, has two levels of logout. One (the normal) works offline and online and retains cached data. The other (rarely used except when retiring a device) returns to the LoginHub login page.
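
The required and conditional rules in the claim list under the "LoginHub Decrypts Login Details" step can be checked before a user is created or updated. The following is an added example, not LoginHub's own code: the function and exception names are hypothetical, and it assumes the decrypted claims arrive as a dictionary keyed by the claim names listed above.

```python
# Added example: rules come from the claim list in this document.
# normalize_claims and ClaimError are hypothetical names, not LoginHub's API.
REQUIRED_TEXT = ("id", "email")
OPTIONAL = ("middleName", "initials", "homePhone", "workPhone", "mobilePhone",
            "pager", "fax", "repairCenterID", "craftID")


class ClaimError(ValueError):
    """Raised when the provider's claims cannot identify a user."""


def normalize_claims(claims):
    """Return a cleaned user record, or raise ClaimError."""
    def text(key):  # non-string or blank values are treated as absent
        value = claims.get(key)
        return value.strip() if isinstance(value, str) else ""

    missing = [k for k in REQUIRED_TEXT if not text(k)]
    # role may arrive as one string or as a list of groups
    raw_roles = claims.get("role") or []
    if isinstance(raw_roles, str):
        raw_roles = [raw_roles]
    roles = [r.strip() for r in raw_roles if isinstance(r, str) and r.strip()]
    if not roles:
        missing.append("role")
    if missing:
        raise ClaimError("missing required claims: " + ", ".join(missing))

    given, sur, full = text("givenName"), text("surname"), text("name")
    if not (given and sur):
        # givenName/surname may be omitted only when name has two words
        parts = full.split()
        if len(parts) != 2:
            raise ClaimError("need givenName and surname, or a two-word name")
        given, sur = given or parts[0], sur or parts[1]
    user = {"id": text("id"), "email": text("email"), "roles": roles,
            "givenName": given, "surname": sur,
            "name": full or f"{given} {sur}",
            "language": text("language") or "English"}  # English assumed
    user.update({k: text(k) for k in OPTIONAL if text(k)})
    return user


# Constructed sample claims, not taken from a real provider response.
SAMPLE = {"id": "jdoe", "role": "Technicians",
          "email": "jdoe@example.com", "name": "Jane Doe"}

if __name__ == "__main__":
    print(normalize_claims(SAMPLE))
```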

Footnotes

  • 1: Note. A valid question is: if there is only one configured provider, why does it not go directly to that Login Provider? The answer is: because that would cause an infinite loop on logout. If you want this behavior, keep the standard login page and create a 'direct URL' that can be saved as a bookmark or shortcut.