Infrastructure information:
The different subdomains are essentially just different login entry points (“different doors with different lock types”) to the same tenant. Regardless of whether a user logs in through SAML authentication or through the Auth0 subdomain, they are still accessing the exact same tenant, users, and underlying content permissions.
This means that:
- Access restrictions such as security policies, notebook sharing, experiment permissions, and data visibility remain identical across the tenant.
- Logging in through a different authentication method does not provide users with additional privileges or broader access to confidential data.
- If a user already has permission to access or download certain content, they will be able to do so regardless of which valid login URL/subdomain they used.
Suggestion from our end:
One approach that could help address this concern is to implement access restrictions through Virtual Machines (VMs), Virtual Desktop Infrastructure (VDI), or secure virtual browser environments, in collaboration with your IT team.
With this setup, both internal users and contractors can be restricted to accessing Signals Notebook only through their designated virtual environments. For example:
- Internal users could be assigned a dedicated VDI configured to allow access only through the organization’s primary SAML-enabled URL.
- External users or contractors could similarly be assigned separate VDIs or virtual browser environments that only permit access through their designated external login URL.
This creates an additional infrastructure-level control layer where users are effectively guided to authenticate only through their intended access path. In practice, the VDI environment itself governs which URLs and authentication mechanisms are accessible to the user.
The underlying tenant, users, and authorization policies remain the same within Signals Notebook, but this approach can help organizations operationally enforce separation between internal and external access experiences and minimize the likelihood of users navigating through unintended authentication routes.
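
The per-environment URL restriction described above can be expressed as a default-deny allowlist check that the VDI proxy or virtual browser applies to each request. This is an added example, not Signals Notebook code or configuration; the pool names, the `egressDecision` function and all hostnames are hypothetical placeholders, and it assumes the internal SAML login redirects to a separate corporate identity provider host that must also be reachable.

```javascript
// Added example: per-VDI-pool URL allowlist. All hostnames below are
// hypothetical placeholders, not real Signals Notebook or customer URLs.
const POLICY = new Map([
  // Internal pool: the SAML-enabled login URL plus the corporate IdP
  // that the SAML redirect lands on (assumed to be a separate host).
  ["internal", new Set(["tenant-sso.signals.example", "idp.corp.example"])],
  // External/contractor pool: only the designated external login URL.
  ["external", new Set(["tenant-ext.signals.example"])],
]);

// Lower-case the host and drop a trailing root dot so that
// "Host.Example." and "host.example" compare equal.
function normaliseHost(host) {
  return host.toLowerCase().replace(/\.$/, "");
}

// Returns "ALLOW" or "BLOCK" for a URL requested from a given VDI pool.
function egressDecision(pool, rawUrl) {
  const allowed = POLICY.get(pool);
  if (!allowed) return "BLOCK"; // unknown pool: default deny

  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return "BLOCK"; // unparseable input
  }

  // Only HTTPS, and no userinfo: "https://allowed-host@other-host/"
  // displays the allowed name but connects to other-host.
  if (url.protocol !== "https:") return "BLOCK";
  if (url.username || url.password) return "BLOCK";

  // Exact host match only. Suffix or substring matching would accept
  // look-alikes such as "tenant-ext.signals.example.other.example".
  return allowed.has(normaliseHost(url.hostname)) ? "ALLOW" : "BLOCK";
}
```

Because the tenant and its permissions are shared, this check only controls which login path a given environment can reach; it does not change what an authenticated user is authorized to see.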