Shibboleth User Verification Customer Implementation Guide Version 3.5

Size: px
Start display at page:

Download "Shibboleth User Verification Customer Implementation Guide 2015-03-13 Version 3.5"

Transcription

1 Shibboleth User Verification Customer Implementation Guide Version 3.5

2 TABLE OF CONTENTS Introduction... 1 Purpose and Target Audience... 1 Commonly Used Terms... 1 Overview of Shibboleth User Verification... 3 What is User Verification?... 3 What is Shibboleth?... 3 Shibboleth Federations... 4 How Shibboleth Works... 5 Customer Experience Diagram... 6 Shibboleth Implementation at a Glance... 6 Configuring your IdP... 7 Metadata and Kivuto Entity IDs... 7 Attributes... 7 Configuring Shibboleth on your ELMS WebStore Setting up Shibboleth as a WebStore Verification Type Configuring Shibboleth Verification Details Tab Settings Tab Diagnostics Tab Post-Implementation Procedures Testing your Integration Testing the Workflow Validation Troubleshooting Restoring Administrative Roles Shibboleth Implementation Scenarios Scenario 1: Organizational ELMS WebStore for a Single Federation Member Scenario 2: Departmental ELMS WebStore for a Single Federation Member Scenario 3: Integrated ELMS WebStore for a Single Federation Member Scenario 4: ELMS WebStore for ALL Members of a Federation Shibboleth User Verification: Customer Implementation Guide

3 Support Shibboleth User Verification: Customer Implementation Guide

4 Introduction This section covers the following areas: Purpose and Target Audience Commonly Used Terms PURPOSE AND TARGET AUDIENCE This document gives you detailed instructions for establishing a single sign-on mechanism between a Kivuto customer s existing Shibboleth IdP and a Kivuto ELMS WebStore. This document is aimed primarily at ELMS Administrators and technical staff who manage identity services for their organization. Read this document in conjunction with the online help available in the e5 Administration website. COMMONLY USED TERMS Term ELMS / e5 Definition/description Electronic License Management System Customer Shopper An organization that is using Shibboleth to authenticate shoppers to use an ELMS WebStore. In the ELMS Administration website, a customer is defined as an Organization. User that is being signed in to an ELMS WebStore. WebStore Organizational WebStore Departmental WebStore A Kivuto ELMS e-commerce website that provides products for sale on behalf of the customer. A WebStore associated with an organization-wide software-distribution agreement (e.g. DreamSpark Standard). All members of an entire organization are eligible to order software through WebStores of this type. A WebStore associated with a departmental software-distribution agreement (e.g. DreamSpark Premium). Only members of a specific department within an organization are eligible to order software through WebStores of this type. Shibboleth User Verification: Customer Implementation Guide

5 Term Integrated WebStore ELMS Administration Shibboleth IdP SP EntityID Definition/description An ELMS WebStore associated with multiple software-distribution agreements, both organization-wide and departmental. All members of an entire organization can sign on to WebStores of this type and will be eligible to order software offered through the organization-wide agreement(s). Members of eligible departments will have access to software offered through the departmental agreement(s). Secure administration module in ELMS that contains functions to manage a WebStore as well as set up user verification. This module is accessible by authorized users only. From The Shibboleth System is a standards based, open source software package for web single sign-on across or within organizational boundaries. It allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner. Identity Provider. The software used by an organization with users who want to access a restricted service. Service Provider. The software run by the provider managing the restricted service (for example, Kivuto). Unique name of an IdP or an SP within a Shibboleth deployment. Kivuto s EntityID value is: https://e5.onthehub.com. Metadata Configuration data used by IdPs and SPs to communicate with each other. Attributes External Organization Code WAYF Assertions made by an IdP about a person, such as an address or a unique identifier. Code supplied by an organization or its parent organization to identify it during communications with a Single Sign-On verification service like Shibboleth. For departmental WebStores, an attribute matching this code must be passed to limit access to members of the eligible department. Where Are You From discovery services Shibboleth User Verification: Customer Implementation Guide

6 Overview of Shibboleth User Verification This section covers the following areas: What is User Verification? What is Shibboleth? How Shibboleth Works o Customer Experience Diagram Shibboleth Implementation at a Glance WHAT IS USER VERIFICATION? User verification is the method by which a WebStore user s eligibility to order software is authenticated. Only authenticated users can order software in your WebStore. The ELMS Administrator must define how their users are authenticated. This is referred to as methods of verification. There are many verification methods that can be used to authenticate users, including domain, user import, Integrated User Verification (IUV) and Shibboleth (from a Federated Identity Program). WHAT IS SHIBBOLETH? Shibboleth is a single sign-on (SSO) method of verification that has achieved widespread adoption worldwide. Reasons for this range from its open-source origins to its model of privacy protection that gives individuals and organizations a great deal of control over what personal information is released to external parties. Shibboleth is often used by a federation or group of organizations. For example, InCommon is a federation of organizations in the United States. The Canadian Access Federation is a group offering Shibboleth services to Canadian educational institutions. For those requiring background information about Shibboleth, refer to the project s website at Step-by-step demos of the sign on process are available at Shibboleth User Verification: Customer Implementation Guide

7 SHIBBOLETH FEDERATIONS Customers using Shibboleth with ELMS must be members of a federation of which Kivuto is an SP. See Table 1 for a list of federations supported by Kivuto. Table 1: Federation List Federation SWITCH InCommon Canadian Access Federation (CAF) UK Federation WAYFDK SWAMID Haka Belnet Edugate DFN IDEM RENATER ACO GRNET GakuNin AAF Country Switzerland United States Canada United Kingdom Denmark Sweden Finland Belgium Ireland Germany Italy France Austria Greece Japan Australia Shibboleth User Verification: Customer Implementation Guide

8 HOW SHIBBOLETH WORKS The following are typical steps in a Shibboleth sign-on to an ELMS WebStore: Shopper arrives at ELMS WebStore: When the shopper clicks the link to sign in or performs an action that requires authentication (for example, adding an item to a shopping cart), the Shibboleth SP software integrated with the ELMS WebStore redirects the shopper to the customer s Shibboleth IdP sign-in page, or to a remote discovery service (WAYF) if necessary. Shopper chooses home organization: This step is not usually necessary, but is available for cases when more than one member of a federation accesses the same ELMS WebStore. The discovery service provides the shopper with a list of organizations from which the shopper chooses his or her home organization and subsequently redirects the shopper to the customer s site. Customer site authenticates shopper: The customer s site prompts the shopper for his or her credentials, and authenticates the user. This authentication is coordinated by the customer s Shibboleth IdP software. The IdP builds a minimal set of attributes for the shopper that are required by Kivuto. The site then redirects the shopper back to the ELMS WebStore. ELMS WebStore authenticates shopper: The attributes released by the customer s IdP are used to create a set of credentials on the ELMS WebStore (user account). This action completes the verification process and the original page requested by the shopper is displayed. Shibboleth User Verification: Customer Implementation Guide

9 CUSTOMER EXPERIENCE DIAGRAM ELMS Discovery (WAYF) Customer IdP Shopper clicks Sign In link Shopper chooses home organization (if required) Shopper enters username and password ELMS processes shopper attributes Shopper begins shopping! SHIBBOLETH IMPLEMENTATION AT A GLANCE + + TEST YOUR INTEGRATION Configure your IdP Release attributes to Kivuto Entity IDs Configure ELMS to communicate with your IdP Shibboleth User Verification: Customer Implementation Guide

10 Configuring your IdP This section covers the following areas: Metadata and Kivuto Entity IDs Attributes METADATA AND KIVUTO ENTITY IDS If your organization is an IdP in a federation that has accepted Kivuto as an SP, then both will be found in the metadata published by the federation. The Entity ID used by Kivuto is: https://e5.onthehub.com ATTRIBUTES The minimum set of identity assertions required by Kivuto is the following: a unique identifier for a shopper o This allows the shopper to be identified across multiple logins. a list of group affiliations o This gives the shopper access to products that are restricted to members of specific user groups. For example, a product may only be available to faculty or staff members. Further identity assertions may be made (passed during integration) to further personalize the ELMS WebStore for your users. For a list of attributes, see Table 2: Attributes below. Note: Which attributes must be passed depends on the implementation scenario. See Shibboleth Implementation Scenarios to determine which attributes are required for your implementation. Shibboleth User Verification: Customer Implementation Guide

11 Table 2: Attributes Attribute edupersontargetedid urn:mace:dir:attribute-def:edupersontargetedid: urn:oid: Description Unique identifier for a user. If opaque, it may be desirable to use the Hide Username setting (see Table 3: Settings). persistent ID (SAML 2.0) urn:oasis:names:tc:saml:2.0:nameid-format:persistent uid urn:mace:dir:attribute-def:uid urn:oid: SwissEP_UniqueID urn:mace:switch.ch:attribute-def:swissedupersonuniqueid urn:oid: edupersonprincipalname urn:mace:dir:attribute-def:edupersonprincipalname urn:oid: Unique identifier for a user. Unique identifier for a user. Unique identifier for a user (SWITCHaai). Unique identifier for a user. Can be used in combination with other unique IDs in which case edupersonprincipalname will be a user s username, and the other ID will be captured as the member identifier on a user verification. edupersonscopedaffiliation urn:mace:dir:attribute-def:edupersonscopedaffiliation urn:oid: Grants eligibility to a user through user group membership. Attribute value maps to user group as follows: Important: This attribute and the default values available are intended to be passed by academic organizations. Corporate organizations may need to pass different parameters to indicate the eligibility of their users. Consult your account manager for details. student -> Students faculty -> Faculty staff -> Staff employee -> Faculty/Staff member -> Students/Faculty/Staff edupersonaffiliation urn:mace:dir:attribute-def:edupersonaffiliation urn:oid: edupersonprimaryaffiliation urn:mace:dir:attribute-def:edupersonprimaryaffiliation urn:oid: Grants eligibility to a user. Same mapping as scoped attribute. Grants eligibility to a user. Same mapping as scoped attribute. Shibboleth User Verification: Customer Implementation Guide

12 Attribute ismemberof urn:mace:dir:attribute-def:ismemberof urn:oid: Description Used for custom user group or organization mapping. Multivalue, use comma or semi-colon delimiters. Values may be qualified, for example, urn:mace:example.edu:groups:groupcode. The last portion of the qualified values are used when matching against system codes. For user groups, values will be matched against User Group Code fields found in the e5 Administration website under Users» User Groups section. When matched, the user will be granted membership in the corresponding group. For organizations, values will be matched against the External Organization Code (which can be found on the Organization page of the ELMS Administration website once it has been provided to Kivuto) for the WebStore organization or any of its affiliated organizations. When a match is made, a user verification will be created for the user linking them to the organization with any corresponding user groups. This can be used, for example, to specify that a user is a member of a specific department. Note: Organizations with departmental WebStores must pass an attribute used for organization mapping that matches their External Organization Code. edupersonentitlement urn:mace:dir:attribute-def:edupersonentitlement SAML2: urn:oid: Used for custom user group or organization mapping. See ismemberof for details on how values are mapped. Values are URIs, either URNs or URLs. Any valid URNs may be used (e.g. urn:mace:school.edu:exampleresource)both the whole URN value (urn:mace:school.edu:exampleresource) and the namespace-specific string portion (exampleresource) will be matched against group and organization mappings. Only URLs of the form can be used. These are not meant to be resolvable. The value portion ([code]) will be matched against group and organization mappings. Note: Organizations with departmental WebStores must pass an attribute used for organization mapping that matches their External Organization Code. Shibboleth User Verification: Customer Implementation Guide

13 Attribute ou urn:mace:dir:attribute-def:ou urn:oid: Description Used for organization mapping. Multi-valued, comma or semi-colon delimiters are expected. Values will be matched against the External Organization Code (which can be found on the Organization page of the ELMS Administration website once it has been provided to Kivuto). When a match is made, a user verification will be created for the user linking them to the organization with any corresponding user groups. This can be used, for example, to specify that a user is a member of a specific department. Note: Organizations with departmental WebStores must pass an attribute used for organization mapping that matches their External Organization Code. edupersonorgunitdn urn:mace:dir:attribute-def:edupersonorgunitdn urn:oid: Used for organization mapping. The distinguished name(s) of the directory entries representing the user s organizational unit. Multi-valued, pipe ( ) characters are expected as delimiters. Values are expected in the DN form, e.g. ou=potions, o=hogwarts, dc=hsww, dc=wiz. In the example case, Potions would be the parsed value and would be matched against External Organization Code fields (see ou). Note: Organizations with departmental WebStores must pass an attribute used for organization mapping that matches their External Organization code. Surname urn:mace:dir:attribute-def:sn urn:oid: User s surname. givenname urn:mace:dir:attribute-def:givenname urn:oid: User s given name. mail urn:mace:dir:attribute-def:mail urn:oid: homeorganization urn:mace:switch.ch:attribute-def:swissedupersonhomeorganization urn:oid: User s address. The organization the user belongs to (SWITCHaai). Shibboleth User Verification: Customer Implementation Guide

14 Attribute homeorganizationtype urn:mace:switch.ch:attributedef:swissedupersonhomeorganizationtype urn:oid: Description The type of organization the user belongs to. A value of university or uas is required for the user to be granted academic eligibility (SWITCHaai). Shibboleth User Verification: Customer Implementation Guide

15 Configuring Shibboleth on your ELMS WebStore This section covers the following areas: Setting up Shibboleth as a WebStore Verification Type Configuring Shibboleth Verification o Details o Settings o Diagnostics Important: All tasks described in this section must be performed by a registered and active ELMS administrator while signed in to the ELMS Administration site (https://e5.onthehub.com/admin). You will need your organization s account number and a valid username and password to sign in. SETTING UP SHIBBOLETH AS A WEBSTORE VERIFICATION TYPE Before you can configure Shibboleth to work with your ELMS WebStore, you must define Shibboleth as a verification type. To set up Shibboleth as a verification type: 1. On the e5 Administration site, click: WebStore. 2. Click the Verification tab. The list of currently configured verification types is displayed. By default, User Import or a different verification type may have been configured for your WebStore when it was deployed. 3. Click the check box beside any verification type that is not Shibboleth and then click the Delete button (or click the Deactivate link in the Actions column next to any verification type that is not Shibboleth). 4. Click the Add button. A new window opens. 5. Click the check box beside Shibboleth. 6. Click the OK button to save your selection. CONFIGURING SHIBBOLETH VERIFICATION Once Shibboleth has been defined as a verification type for your organization, you need to configure it. Shibboleth User Verification: Customer Implementation Guide

16 To configure Shibboleth: 1. On the Main menu, go to WebStore. 2. Click the Verification tab. 3. Click the Shibboleth link. A new window opens with two tabs: Details and Settings. DETAILS TAB It is not generally necessary, or advisable, to change the default values of the fields on this tab. Use care if you want to change the default values for Sector and Verifications Expire In. Changing these values could break your implementation, resulting in your end-users not being able to sign into the ELMS WebStore. SETTINGS TAB The Settings page defines all of the customer (organization) information that is required by Kivuto. See Table 3: Settings. Note: Which settings are required depends on the implementation scenario. See Shibboleth Implementation Scenarios to determine which settings are required for your implementation. Table 3: Settings Information Relying Party Description List of federations that Kivuto is a member of (for example, InCommon, SWITCHaai). Identity Provider EntityID Federation discovery services (WAYF) can be bypassed by providing a value for this setting. If the WebStore is specific to a single IdP, then this value should be considered as required. The value should be exactly as it is found in metadata. For example: urn:mace:incommon:myorg.edu or https://shibboleth.myorg.edu IUV Administrator Address address of individual (or distribution list) who will receive error messages from ELMS. Shibboleth User Verification: Customer Implementation Guide

17 Information Hide Username Description When checked, this setting prevents a user's unique identifier from being shown in several places in the WebStore user interface. This is useful when a screen-friendly username is not provided (e.g. a GUID) as part of the set of released attributes from the IdP. Logout Redirect URL The URL where a user will be redirected to when they sign out from the WebStore and the Shibboleth SP. If left empty, on signing out the user will remain on the WebStore and will be shown a message similar to the following: You have been signed out of this website, but remain signed in to your Single Sign On system. If you want to log out completely, you MUST close your browser. Enable Diagnostics Mode Restrict Eligibility Scope When enabled, server state data is captured for every sign-in attempt, and the most recent of these may be viewed on the Diagnostics tab. See the Troubleshooting section under Testing your Integration. If checked, eligibility attributes (e.g. edupersonscopedaffiliation) will only be processed for users with accompanying attributes containing organization mapping information (ou, edupersonorgunitdn, ismemberof, edupersonentitlement). If unchecked, eligibility attributes will be processed for all users. If accompanying organization mapping attributes are present, users will be given membership in the corresponding organizations. Otherwise, users will be given membership in the WebStore organization. This data can be seen, post-login, by examining the corresponding user verification records (Users» [select user]» Verifications). Note: This option must be selected if you are configuring Shibboleth for a purely departmental WebStore so that only members of the appropriate department are granted eligibility. This is the only time this option should be selected. Shibboleth User Verification: Customer Implementation Guide

18 DIAGNOSTICS TAB The Diagnostics page displays data captured during recent sign-in attempts. Nothing will be shown unless Diagnostics Mode is enabled through the Settings page (see Table 3: Settings). For details on what is displayed, see the Troubleshooting section under Testing your Integration. Shibboleth User Verification: Customer Implementation Guide

19 Post-Implementation Procedures This section describes steps that must be performed after your integration is complete. These include: Testing your Integration Restoring Administrative Roles TESTING YOUR INTEGRATION TESTING THE WORKFLOW Below are the common steps required for testing your implementation. 1. Configure your IdP. 2. Configure your ELMS WebStore. 3. Trigger the authentication process from your ELMS WebStore. If you are already signed in to the administration site, you will have to sign out first or use a different browser. If the Shibboleth verification type is in Testing status, you will have to use the testing URL found in WebStore» Verification that enables test verification methods when accessing your WebStore. 4. Authenticate with your IdP and ensure that you are then successfully signed in to your ELMS WebStore. 5. Validate the data created for the user in your ELMS WebStore as described in the next section. 6. When everything works as expected, contact Kivuto to proceed. VALIDATION After successful authentication, it is helpful to view a user s profile to ensure that all expected eligibility groups and personalization information has been set correctly. From the ELMS WebStore: 1. Click the Your Account/Orders link above the page banner. 2. Click the Account Details link. Any personalization information that was passed is displayed. 3. Return to the Your Account/Orders page and click the Your Eligibility link to view the eligibility groups that your account has been assigned to. Shibboleth User Verification: Customer Implementation Guide

20 From the ELMS Administration site: 1. On the Main menu, go to Users. 2. Search for the desired user and click the Username to navigate to the details page. Any personalization information passed is displayed. 3. Click the Verifications tab. For each successful authentication there will be an entry that contains the expected list of eligibility groups. TROUBLESHOOTING Should you run into problems during authentication, or if the personalization or eligibility information was not created as expected for your users, then it may be helpful to enable Diagnostics Mode (see Table 3). Data captured during recent sign-in attempts, whether successful or not, will then be displayed on the Shibboleth Diagnostics tab. Clicking on an individual sign-in attempt brings up a Details page with the following sections: User o Username, first and last names, address. Empty for failed attempts. User Verifications o For each organization the user was mapped to (via ou, ismemberof, etc.), the corresponding user verification, along with the unique member identifier, the verification expiry date, and user group memberships. Empty for failed attempts. Shibboleth Server Variables o The IIS server variables that were part of the Shibboleth session active during the sign-in attempt. If expected attributes are not shown here, then the Shibboleth server has discarded them due to an unsupported mapping or value formatting. For a breakdown of how entries in the Shibboleth Server Variables section map to Shibboleth attributes, see Table 4: Shibboleth Server Variables. Other Server Variables o Other IIS server variables active during the sign-in attempt. Not likely useful, but presented in case a variable was not classified correctly, and included in the Shibboleth section above. Shibboleth User Verification: Customer Implementation Guide

21 Table 4: Shibboleth Server Variables Variable Name HTTP_TARGETEDID HTTP_PERSISTENTID HTTP_AFFILIATION HTTP_ISMEMBEROF HTTP_ACADEMICCAREER HTTP_PRINCIPALNAME HTTP_GIVENNAME HTTP_MAIL HTTP_SURNAME HTTP_UID HTTP_ENTITLEMENT HTTP_OU HTTP_ORGUNITDN Attribute Name(s) edupersontargetedid urn:oid: urn:oasis:names:tc:saml:2.0:nameid-format:persistent urn:mace:dir:attribute-def:edupersonaffiliation urn:oid: urn:mace:dir:attribute-def:edupersonscopedaffiliation urn:oid: urn:mace:dir:attribute-def:edupersonprimaryaffiliation urn:oid: urn:mace:dir:attribute-def:ismemberof urn:oid: urn:mace:dir:attribute-def:academiccareer rn:oid: urn:mace:dir:attribute-def:edupersonprincipalname urn:oid: urn:mace:dir:attribute-def:givenname urn:oid: urn:mace:dir:attribute-def:mail urn:oid: urn:mace:dir:attribute-def:sn urn:oid: urn:mace:dir:attribute-def:uid urn:oid: urn:mace:dir:attribute-def:employeenumber urn:oid: urn:mace:dir:attribute-def:edupersonentitlement urn:oid: urn:mace:dir:attribute-def:ou urn:oid: urn:mace:dir:attribute-def:edupersonorgunitdn urn:oid: Shibboleth User Verification: Customer Implementation Guide

22 Variable Name HTTP_UNIQUEID HTTP_HOMEORGANIZATION HTTP_HOMEORGANIZATIONTYPE HTTP_STUDYBRANCH1 HTTP_STUDYBRANCH2 Attribute Name(s) urn:mace:switch.ch:attribute-def:swissedupersonuniqueid urn:oid: urn:mace:switch.ch:attribute-def:swissedupersonhomeorganization urn:oid: urn:mace:switch.ch:attribute-def:swissedupersonhomeorganizationtype urn:oid: urn:mace:switch.ch:attribute-def:swissedupersonstudybranch1 urn:oid: urn:mace:switch.ch:attribute-def:swissedupersonstudybranch2 1. urn:oid: HTTP_STUDYBRANCH3 HTTP_STUDYLEVEL urn:mace:switch.ch:attribute-def:swissedupersonstudybranch3 urn:oid: urn:mace:switch.ch:attribute-def:swissedupersonstudylevel urn:oid: RESTORING ADMINISTRATIVE ROLES Shibboleth implementation creates a new account for each user of your WebStore. When a user s new username does not match their old username, administrative roles are not passed from the old account to the new. As a result, some of your WebStore s administrators may find that they cannot access the ELMS administration site when they sign in with their new Shibboleth account. Affected administrators have two options if they wish to continue acting in their previous administrative capacity. 1. Contact Kivuto s DreamSpark Support Team and request that the administrative roles associated with their old account be assigned to their new account. Note: Depending on the role being requested, the request may have to come from the primary administrator of your WebStore (i.e. the individual under whose name your organization s DreamSpark subscription was issued). 2. Continue to sign in using their old account credentials rather than through Shibboleth. This can be done through the admin sign-in portal at: e5.onthehub.com/admin. Shibboleth User Verification: Customer Implementation Guide

23 Shibboleth Implementation Scenarios The nature of your organization, WebStore and software-distribution agreement determine which of the attributes described in Table 2 are required by Kivuto and which of the settings described in Table 3 must be configured in order to successfully implement Shibboleth verification. This section describes the most common Shibboleth implementation scenarios and summarizes the unique implementation requirements of each. Scenario 1: Organizational ELMS WebStore for a single federation member Scenario 2: Departmental ELMS WebStore for a single federation member Scenario 3: Integrated ELMS WebStore for a single federation member Scenario 4: ELMS WebStore for ALL members of a federation SCENARIO 1: ORGANIZATIONAL ELMS WEBSTORE FOR A SINGLE FEDERATION MEMBER In this scenario, an ELMS WebStore is deployed for a single federation member (organization) under an organization-wide agreement (e.g. DreamSpark Standard). The organization is directly integrated to the federation without users having to choose their organization through the use of discovery services (WAYF). The implementation requirements for Scenario 1 are as follows. See Table 2 and Table 3 for a description of each attribute and setting listed, and for optional additional attributes/settings. Attribute Requirements: Unique identifier for a user. For example: edupersontargetedid Persistent ID UID edupersonprincipalname Eligibility (user group) identifier for a user. For example: edupersonscopedaffiliation edupersonaffiliation edupersonprimaryaffiliation ismemberof (for custom user groups) edupersonentitlement (for custom user groups) ELMS Configuration Requirements: On the e5 WebStore Verification Settings page: Select your federation from the Relying Party dropdown list. Identify your discovery services provider in the Identity Provider EntityID field. Provide an IUV Administrator Address. Shibboleth User Verification: Customer Implementation Guide

24 SCENARIO 2: DEPARTMENTAL ELMS WEBSTORE FOR A SINGLE FEDERATION MEMBER In this scenario, an ELMS WebStore is deployed for a specific department of a federation member (organization) under a departmental agreement (e.g. DreamSpark Premium). Important: A parameter matching the department s External Organization Code must be provided in this scenario so that access is restricted to members of the eligible department. The implementation requirements for Scenario 2 are as follows. See Table 2 and Table 3 for a description of each attribute and setting listed, and for optional additional attributes/settings. Attribute Requirements: Unique identifier for a user. For example: edupersontargetedid Persistent ID UID edupersonprincipalname Eligibility (user group) identifier for a user. For example: edupersonscopedaffiliation edupersonaffiliation edupersonprimaryaffiliation ismemberof (for custom user groups) edupersonentitlement (for custom user groups) Organization (department) identifier configured to match the appropriate External Organization Code. For example: ismemberof edupersonorgunitdn ou ELMS Configuration Requirements: On the e5 WebStore Verification Settings page: Select your federation from the Relying Party dropdown list. Identify your discovery services provider in the Identity Provider EntityID field. Provide an IUV Administrator Address. Select the Restrict Eligibility Scope option to restrict eligibility to members of the appropriate department. (Note: This is the only scenario in which this option is selected.) SCENARIO 3: INTEGRATED ELMS WEBSTORE FOR A SINGLE FEDERATION MEMBER In this scenario, an integrated ELMS WebStore (i.e. a WebStore that combines organizational and departmental agreements, so that some users are eligible to access all offerings while others are only eligible to access some offerings) is deployed for a single federation member (organization). The implementation requirements for Scenario 3 are as follows. See Table 2 and Table 3 for a description of each attribute and setting listed, and for optional additional attributes/settings. Shibboleth User Verification: Customer Implementation Guide

25 Attribute Requirements: Unique identifier for a user. For example: edupersontargetedid Persistent ID UID edupersonprincipalname Eligibility (user group) identifier for a user. For example: edupersonscopedaffiliation edupersonaffiliation edupersonprimaryaffiliation ismemberof (for custom user groups) edupersonentitlement (for custom user groups) Organization (department) identifier configured to match the appropriate External Organization Code.** For example: ismemberof edupersonorgunitdn ou ELMS Configuration Requirements: On the e5 WebStore Verification Settings page: Select your federation from the Relying Party dropdown list. Identify your discovery services provider in the Identity Provider EntityID field. Provide an IUV Administrator Address. **Note: If a value matching a department s External Organization Code is not passed, the user will still be able to sign in, but will only have access to products offered through the organizational program(s). SCENARIO 4: ELMS WEBSTORE FOR ALL MEMBERS OF A FEDERATION This scenario involves an ELMS WebStore deployed for ALL members of a federation. During the sign-in process, the WebStore points the user to a discovery services website (WAYF) where they choose the organization they belong to. The implementation requirements for Scenario 4 are as follows. See Table 2 and Table 3 for a description of each attribute and setting listed, and for optional additional attributes/settings. Attribute Requirements: Unique identifier for a user. For example: edupersontargetedid Persistent ID UID edupersonprincipalname Eligibility (user group) identifier for a user. For example: edupersonscopedaffiliation edupersonaffiliation edupersonprimaryaffiliation ismemberof (for custom user groups) edupersonentitlement (for custom user groups) ELMS Configuration Requirements: In the e5 WebStore Verification Settings page: Select your federation from the Relying Party dropdown list. DO NOT enter a value in the Identity Provider EntityID field (discovery services will be used instead). Provide an IUV Administrator Address. Shibboleth User Verification: Customer Implementation Guide

26 Support If you have any difficulties with configuring Shibboleth for ELMS or require technical assistance, send an to Be sure to include the following in your Customer Name Contact Name Contact Contact Phone ELMS Account Number Detailed description of the problem or request for information Shibboleth User Verification: Customer Implementation Guide

Authentication Methods

Authentication Methods Authentication Methods Overview In addition to the OU Campus-managed authentication system, OU Campus supports LDAP, CAS, and Shibboleth authentication methods. LDAP users can be configured through the

More information

Single Sign On at Colorado State. Ron Splittgerber

Single Sign On at Colorado State. Ron Splittgerber Single Sign On at Colorado State Ron Splittgerber Agenda Identity Management Authentication Authorization The Problem The Solution: Federation Trust Between Institutions Trust Between Institution and Federal

More information

Security Assertion Markup Language (SAML) Site Manager Setup

Security Assertion Markup Language (SAML) Site Manager Setup Security Assertion Markup Language (SAML) Site Manager Setup Trademark Notice Blackboard, the Blackboard logos, and the unique trade dress of Blackboard are the trademarks, service marks, trade dress and

More information

Authentication Integration

Authentication Integration Authentication Integration VoiceThread provides multiple authentication frameworks allowing your organization to choose the optimal method to implement. This document details the various available authentication

More information

Shibboleth Authentication. Information Systems & Computing Identity and Access Management May 23, 2014

Shibboleth Authentication. Information Systems & Computing Identity and Access Management May 23, 2014 Shibboleth Authentication Information Systems & Computing Identity and Access Management May 23, 2014 For every question an answer: Why should I care about SAML? What is a Shibboleth? What is a Federation?

More information

Masdar Institute Single Sign-On: Standards-based Identity Federation. John Mikhael ICT Department jmikhael@masdar.ac.ae

Masdar Institute Single Sign-On: Standards-based Identity Federation. John Mikhael ICT Department jmikhael@masdar.ac.ae Masdar Institute Single Sign-On: Standards-based Identity Federation John Mikhael ICT Department jmikhael@masdar.ac.ae Agenda The case for Single Sign-On (SSO) Types of SSO Standards-based Identity Federation

More information

Configuring. Moodle. Chapter 82

Configuring. Moodle. Chapter 82 Chapter 82 Configuring Moodle The following is an overview of the steps required to configure the Moodle Web application for single sign-on (SSO) via SAML. Moodle offers SP-initiated SAML SSO only. 1 Prepare

More information

SAML single sign-on configuration overview

SAML single sign-on configuration overview Chapter 46 Configurin uring Drupal Configure the Drupal Web-SAML application profile in Cloud Manager to set up single sign-on via SAML with a Drupal-based web application. Configuration also specifies

More information

Single Sign On (SSO) Implementation Manual. For Connect 5 & MyConnect Sites

Single Sign On (SSO) Implementation Manual. For Connect 5 & MyConnect Sites Single Sign On (SSO) Implementation Manual For Connect 5 & MyConnect Sites Version 6 Release 5.7 September 2013 1 What is Blackboard Connect Single Sign On?... 3 How it Works... 3 Drawbacks to Using Single

More information

SAML Single-Sign-On (SSO)

SAML Single-Sign-On (SSO) C O L A B O R A T I V E I N N O V A T I O N M A N A G E M E N T Complete Feature Guide SAML Single-Sign-On (SSO) 1. Features This feature allows administrators to setup Single Sign-on (SSO) integration

More information

Egnyte Single Sign-On (SSO) Installation for OneLogin

Egnyte Single Sign-On (SSO) Installation for OneLogin Egnyte Single Sign-On (SSO) Installation for OneLogin To set up Egnyte so employees can log in using SSO, follow the steps below to configure OneLogin and Egnyte to work with each other. 1. Set up OneLogin

More information

Microsoft Office 365 Using SAML Integration Guide

Microsoft Office 365 Using SAML Integration Guide Microsoft Office 365 Using SAML Integration Guide Revision A Copyright 2013 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete and accurate.

More information

This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections:

This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections: CHAPTER 1 SAML Single Sign-On This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections: Junos Pulse Secure Access

More information

Configuring Single Sign-On from the VMware Identity Manager Service to Office 365

Configuring Single Sign-On from the VMware Identity Manager Service to Office 365 Configuring Single Sign-On from the VMware Identity Manager Service to Office 365 VMware Identity Manager JULY 2015 V1 Table of Contents Overview... 2 Passive and Active Authentication Profiles... 2 Adding

More information

SAM Context-Based Authentication Using Juniper SA Integration Guide

SAM Context-Based Authentication Using Juniper SA Integration Guide SAM Context-Based Authentication Using Juniper SA Integration Guide Revision A Copyright 2012 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete

More information

SAP NetWeaver AS Java

SAP NetWeaver AS Java Chapter 75 Configuring SAP NetWeaver AS Java SAP NetWeaver Application Server ("AS") Java (Stack) is one of the two installation options of SAP NetWeaver AS. The other option is the ABAP Stack, which is

More information

Dell One Identity Cloud Access Manager 8.0.1 - How to Configure for SSO to SAP NetWeaver using SAML 2.0

Dell One Identity Cloud Access Manager 8.0.1 - How to Configure for SSO to SAP NetWeaver using SAML 2.0 Dell One Identity Cloud Access Manager 8.0.1 - How to Configure for SSO to SAP NetWeaver using SAML 2.0 May 2015 About this guide Prerequisites and requirements NetWeaver configuration Legal notices About

More information

Configuring SAML2 for Single Sign On to Smartsheet (Enterprise Only)

Configuring SAML2 for Single Sign On to Smartsheet (Enterprise Only) Configuring SAML2 for Single Sign On to Smartsheet (Enterprise Only) This document is intended for technical professionals who are familiar with SAML and have access to the Identity Provider that will

More information

Federated Identity Management and Shibboleth. Noreen Hogan Asst. Director Enterprise Admin. Applications

Federated Identity Management and Shibboleth. Noreen Hogan Asst. Director Enterprise Admin. Applications Federated Identity Management and Shibboleth Noreen Hogan Asst. Director Enterprise Admin. Applications Federated Identity Management Management of digital identity/credentials (username/password) Access

More information

SafeNet Authentication Service

SafeNet Authentication Service SafeNet Authentication Service Integration Guide Using SafeNet Authentication Service as an Identity Provider for Google Apps All information herein is either public information or is the property of and

More information

Only LDAP-synchronized users can access SAML SSO-enabled web applications. Local end users and applications users cannot access them.

Only LDAP-synchronized users can access SAML SSO-enabled web applications. Local end users and applications users cannot access them. This chapter provides information about the Security Assertion Markup Language (SAML) Single Sign-On feature, which allows administrative users to access certain Cisco Unified Communications Manager and

More information

QualysGuard SAML 2.0 Single Sign-On. Technical Brief

QualysGuard SAML 2.0 Single Sign-On. Technical Brief QualysGuard SAML 2.0 Single Sign-On Technical Brief Introduction Qualys provides its customer the option to use SAML 2.0 Single Sign On (SSO) authentication with their QualysGuard subscription. When implemented,

More information

Connected Data. Connected Data requirements for SSO

Connected Data. Connected Data requirements for SSO Chapter 40 Configuring Connected Data The following is an overview of the steps required to configure the Connected Data Web application for single sign-on (SSO) via SAML. Connected Data offers both IdP-initiated

More information

Federated Identity Management Checklist

Federated Identity Management Checklist Federated Identity Management Checklist This document lists the minimum (marked with an *) and recommended policy, process, and technical steps required to implement Federated Identity Management and operate

More information

Step-by-Step guide for SSO from MS Sharepoint 2010 to SAP EP 7.0x

Step-by-Step guide for SSO from MS Sharepoint 2010 to SAP EP 7.0x Step-by-Step guide for SSO from MS Sharepoint 2010 to SAP EP 7.0x Sverview Trust between SharePoint 2010 and ADFS 2.0 Use article Federated Collaboration with Shibboleth 2.0 and SharePoint 2010 Technologies

More information

Egnyte Single Sign-On (SSO) Configuration for Active Directory Federation Services (ADFS)

Egnyte Single Sign-On (SSO) Configuration for Active Directory Federation Services (ADFS) w w w. e g n y t e. c o m Egnyte Single Sign-On (SSO) Configuration for Active Directory Federation Services (ADFS) To set up ADFS so that your employees can access Egnyte using their ADFS credentials,

More information

SAML single sign-on configuration overview

SAML single sign-on configuration overview Chapter 34 Configurin guring g Clarizen Configure the Clarizen Web-SAML application profile in Cloud Manager to set up single sign-on via SAML with Clarizen. Configuration also specifies how the application

More information

Configuring Sponsor Authentication

Configuring Sponsor Authentication CHAPTER 4 Sponsors are the people who use Cisco NAC Guest Server to create guest accounts. Sponsor authentication authenticates sponsor users to the Sponsor interface of the Guest Server. There are five

More information

To set up Egnyte so employees can log in using SSO, follow the steps below to configure VMware Horizon and Egnyte to work with each other.

To set up Egnyte so employees can log in using SSO, follow the steps below to configure VMware Horizon and Egnyte to work with each other. w w w. e g n y t e. c o m Egnyte Single Sign-On (SSO) Installation for VMware Horizon To set up Egnyte so employees can log in using SSO, follow the steps below to configure VMware Horizon and Egnyte to

More information

IGI Portal architecture and interaction with a CA- online

IGI Portal architecture and interaction with a CA- online IGI Portal architecture and interaction with a CA- online Abstract In the framework of the Italian Grid Infrastructure, we are designing a web portal for the grid and cloud services provisioning. In following

More information

SAML Authentication Quick Start Guide

SAML Authentication Quick Start Guide SAML Authentication Quick Start Guide Powerful Authentication Management for Service Providers and Enterprises Authentication Service Delivery Made EASY Copyright 2013 SafeNet, Inc. All rights reserved.

More information

InCommon Affiliate Webinar Series

InCommon Affiliate Webinar Series InCommon Affiliate Webinar Series Aegis Identity Case Study: Just-in-Time Provisioning and IDP Proxy Management November 19, 2014 CASE STUDY IN JUST-IN-TIME PROVISIONING AND IDP PROXY MANAGEMENT Jim Faut

More information

Best Practices for Libraries and Library Service Providers

Best Practices for Libraries and Library Service Providers Best Practices for Libraries and Library Service Providers These best practices were developed by the InCommon Library Consortium in 2009. The consortium was formed to explore various potential solutions.

More information

Cloud Services ADM. Agent Deployment Guide

Cloud Services ADM. Agent Deployment Guide Cloud Services ADM Agent Deployment Guide 10/15/2014 CONTENTS System Requirements... 1 Hardware Requirements... 1 Installation... 2 SQL Connection... 4 AD Mgmt Agent... 5 MMC... 7 Service... 8 License

More information

User Guide. Version R91. English

User Guide. Version R91. English AuthAnvil User Guide Version R91 English August 25, 2015 Agreement The purchase and use of all Software and Services is subject to the Agreement as defined in Kaseya s Click-Accept EULATOS as updated from

More information

Integration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Drupal

Integration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Drupal SafeNet Authentication Service Integration Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information

More information

WatchDox Administrator's Guide. Application Version 3.7.5

WatchDox Administrator's Guide. Application Version 3.7.5 Application Version 3.7.5 Confidentiality This document contains confidential material that is proprietary WatchDox. The information and ideas herein may not be disclosed to any unauthorized individuals

More information

Configuring Single Sign-on from the VMware Identity Manager Service to WebEx

Configuring Single Sign-on from the VMware Identity Manager Service to WebEx Configuring Single Sign-on from the VMware Identity Manager Service to WebEx VMware Identity Manager SEPTEMBER 2015 V 2 Configuring Single Sign-On from VMware Identity Manager to WebEx Table of Contents

More information

Active Directory Management. Agent Deployment Guide

Active Directory Management. Agent Deployment Guide Active Directory Management Agent Deployment Guide Document Revision Date: June 12, 2014 Active Directory Management Deployment Guide i Contents System Requirements...1 Hardware Requirements...1 Installation...3

More information

Protected Trust Directory Sync Guide

Protected Trust Directory Sync Guide Protected Trust Directory Sync Guide Protected Trust Directory Sync Guide 2 Overview Protected Trust Directory Sync enables your organization to synchronize the users and distribution lists in Active Directory

More information

SP-initiated SSO for Smartsheet is automatically enabled when the SAML feature is activated.

SP-initiated SSO for Smartsheet is automatically enabled when the SAML feature is activated. Chapter 87 Configuring Smartsheet The following is an overview of the steps required to configure the Smartsheet Web application for single sign-on (SSO) via SAML. Smartsheet offers both IdP-initiated

More information

Configuring EPM System 11.1.2.1 for SAML2-based Federation Services SSO

Configuring EPM System 11.1.2.1 for SAML2-based Federation Services SSO Configuring EPM System 11.1.2.1 for SAML2-based Federation Services SSO Scope... 2 Prerequisites Tasks... 2 Procedure... 2 Step 1: Configure EPM s WebLogic domain for SP Federation Services... 2 Step 2:

More information

Configuring SuccessFactors

Configuring SuccessFactors Chapter 117 Configuring SuccessFactors The following is an overview of the steps required to configure the SuccessFactors Enterprise Edition Web application for single sign-on (SSO) via SAML. SuccessFactors

More information

Getting Started with Single Sign-On

Getting Started with Single Sign-On Getting Started with Single Sign-On I. Introduction Your institution is considering or has already purchased Collaboratory from Treetop Commons, LLC. One benefit provided to member institutions is Single

More information

Installation and Configuration Guide

Installation and Configuration Guide Installation and Configuration Guide BlackBerry Resource Kit for BlackBerry Enterprise Service 10 Version 10.2 Published: 2015-11-12 SWD-20151112124827386 Contents Overview: BlackBerry Enterprise Service

More information

Egress Switch Administration Panel. User Guide

Egress Switch Administration Panel. User Guide Egress Switch Administration Panel User Guide November 2015 Confidentiality Statement This document contains information confidential and proprietary to Egress Software Technologies. It shall not be disclosed

More information

Integration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Salesforce

Integration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Salesforce SafeNet Authentication Service Integration Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information

More information

An overview of configuring WebEx for single sign-on. To configure the WebEx application for single-sign on from the cloud service (an overview)

An overview of configuring WebEx for single sign-on. To configure the WebEx application for single-sign on from the cloud service (an overview) Chapter 83 WebEx This chapter includes the following sections: An overview of configuring WebEx for single sign-on Configuring WebEx for SSO Configuring WebEx in Cloud Manager For more information about

More information

Introduction to Directory Services

Introduction to Directory Services Introduction to Directory Services Overview This document explains how AirWatch integrates with your organization's existing directory service such as Active Directory, Lotus Domino and Novell e-directory

More information

Cloud Authentication. Getting Started Guide. Version 2.1.0.06

Cloud Authentication. Getting Started Guide. Version 2.1.0.06 Cloud Authentication Getting Started Guide Version 2.1.0.06 ii Copyright 2011 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete and accurate.

More information

DocuSign Single Sign On Implementation Guide Published: March 17, 2016

DocuSign Single Sign On Implementation Guide Published: March 17, 2016 DocuSign Single Sign On Implementation Guide Published: March 17, 2016 Copyright Copyright 2003-2016 DocuSign, Inc. All rights reserved. For information about DocuSign trademarks, copyrights and patents

More information

MultiSite Manager. User Guide

MultiSite Manager. User Guide MultiSite Manager User Guide Contents 1. Getting Started... 2 Opening the MultiSite Manager... 2 Navigating MultiSite Manager... 2 2. The All Sites tabs... 3 All Sites... 3 Reports... 4 Licenses... 5 3.

More information

Broker Portal Tutorial Broker Portal Basics

Broker Portal Tutorial Broker Portal Basics Broker Portal Tutorial Broker Portal Basics Create Agent Connect Link Forgotten Password Change Your Broker Portal Password Delegate View Application Status Create Agent Connect Link Log in to your Producer

More information

P U R D U E U N I V E R S I T Y

P U R D U E U N I V E R S I T Y P U R D U E U N I V E R S I T Y IAMO Shibboleth Attribute Release Memorandum of Understanding Between the designated Purdue University administrative or educational group, called the Client, and the Department

More information

Copyright Pivotal Software Inc, 2013-2015 1 of 10

Copyright Pivotal Software Inc, 2013-2015 1 of 10 Table of Contents Table of Contents Getting Started with Pivotal Single Sign-On Adding Users to a Single Sign-On Service Plan Administering Pivotal Single Sign-On Choosing an Application Type 1 2 5 7 10

More information

Configuring Parature Self-Service Portal

Configuring Parature Self-Service Portal Configuring Parature Self-Service Portal Chapter 2 The following is an overview of the steps required to configure the Parature Self-Service Portal application for single sign-on (SSO) via SAML. Parature

More information

Configuring Salesforce

Configuring Salesforce Chapter 94 Configuring Salesforce The following is an overview of how to configure the Salesforce.com application for singlesign on: 1 Prepare Salesforce for single sign-on: This involves the following:

More information

DESLock+ Basic Setup Guide Version 1.20, rev: June 9th 2014

DESLock+ Basic Setup Guide Version 1.20, rev: June 9th 2014 DESLock+ Basic Setup Guide Version 1.20, rev: June 9th 2014 Contents Overview... 2 System requirements:... 2 Before installing... 3 Download and installation... 3 Configure DESLock+ Enterprise Server...

More information

QUANTIFY INSTALLATION GUIDE

QUANTIFY INSTALLATION GUIDE QUANTIFY INSTALLATION GUIDE Thank you for putting your trust in Avontus! This guide reviews the process of installing Quantify software. For Quantify system requirement information, please refer to the

More information

econtrol 3.5 for Active Directory & Exchange Administrator Guide

econtrol 3.5 for Active Directory & Exchange Administrator Guide econtrol 3.5 for Active Directory & Exchange Administrator Guide This Guide Welcome to the econtrol 3.5 for Active Directory and Exchange Administrator Guide. This guide is for system administrators and

More information

Configuring. SugarCRM. Chapter 121

Configuring. SugarCRM. Chapter 121 Chapter 121 Configuring SugarCRM The following is an overview of the steps required to configure the SugarCRM Web application for single sign-on (SSO) via SAML. SugarCRM offers both IdP-initiated SAML

More information

Implementation Guide SAP NetWeaver Identity Management Identity Provider

Implementation Guide SAP NetWeaver Identity Management Identity Provider Implementation Guide SAP NetWeaver Identity Management Identity Provider Target Audience Technology Consultants System Administrators PUBLIC Document version: 1.10 2011-07-18 Document History CAUTION Before

More information

INTEGRATION GUIDE. IDENTIKEY Federation Server for Juniper SSL-VPN

INTEGRATION GUIDE. IDENTIKEY Federation Server for Juniper SSL-VPN INTEGRATION GUIDE IDENTIKEY Federation Server for Juniper SSL-VPN Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as is'; VASCO

More information

Configuring. SuccessFactors. Chapter 67

Configuring. SuccessFactors. Chapter 67 Chapter 67 Configuring SuccessFactors The following is an overview of the steps required to configure the SuccessFactors Enterprise Edition Web application for single sign-on (SSO) via SAML. SuccessFactors

More information

SAP NetWeaver Fiori. For more information, see "Creating and enabling a trusted provider for Centrify" on page 108-10.

SAP NetWeaver Fiori. For more information, see Creating and enabling a trusted provider for Centrify on page 108-10. Chapter 108 Configuring SAP NetWeaver Fiori The following is an overview of the steps required to configure the SAP NetWeaver Fiori Web application for single sign-on (SSO) via SAML. SAP NetWeaver Fiori

More information

Evaluation of different Open Source Identity management Systems

Evaluation of different Open Source Identity management Systems Evaluation of different Open Source Identity management Systems Ghasan Bhatti, Syed Yasir Imtiaz Linkoping s universitetet, Sweden [ghabh683, syeim642]@student.liu.se 1. Abstract Identity management systems

More information

Cloudfinder for Office 365 User Guide. November 2013

Cloudfinder for Office 365 User Guide. November 2013 1 Contents Getting started with Cloudfinder for Office 365 1... 3 Sign up New Cloudfinder user... 3 Sign up Existing Cloudfinder user... 4 Setting the Admin Impersonation... 4 Initial backup... 7 Inside

More information

OneLogin Integration User Guide

OneLogin Integration User Guide OneLogin Integration User Guide Table of Contents OneLogin Account Setup... 2 Create Account with OneLogin... 2 Setup Application with OneLogin... 2 Setup Required in OneLogin: SSO and AD Connector...

More information

SAML Authentication with BlackShield Cloud

SAML Authentication with BlackShield Cloud SAML Authentication with BlackShield Cloud Powerful Authentication Management for Service Providers and Enterprises Version 3.1 Authentication Service Delivery Made EASY Copyright Copyright 2011. CRYPTOCARD

More information

EQUELLA. Blackboard Learn Configuration Guide. Version 6.2

EQUELLA. Blackboard Learn Configuration Guide. Version 6.2 EQUELLA Blackboard Learn Configuration Guide Version 6.2 Document History Document No. Reviewed Finalised Published 1 11/12/2013 12/12/2013 12/12/2013 December 2013 edition. Information in this document

More information

Tool Tip. SyAM Management Utilities and Non-Admin Domain Users

Tool Tip. SyAM Management Utilities and Non-Admin Domain Users SyAM Management Utilities and Non-Admin Domain Users Some features of SyAM Management Utilities, including Client Deployment and Third Party Software Deployment, require authentication credentials with

More information

VMware Identity Manager Administration

VMware Identity Manager Administration VMware Identity Manager Administration VMware Identity Manager 2.4 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

More information

FuseMail- Exchange ControlPanel Admin Guide Feb.27-14 V1.0. Exchange ControlPanel Administration Guide

FuseMail- Exchange ControlPanel Admin Guide Feb.27-14 V1.0. Exchange ControlPanel Administration Guide Exchange ControlPanel Administration Guide Table of Contents Top Level Portal Administration... 4 Signing In to Control Panel... 4 Restoring Account Password... 5 Change Account Details... 7 Viewing Account

More information

CA Performance Center

CA Performance Center CA Performance Center Single Sign-On User Guide 2.4 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is

More information

Integration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Tableau Server

Integration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Tableau Server SafeNet Authentication Service Integration Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information

More information

Merit Cloud Media User Guide

Merit Cloud Media User Guide in collaboration with NJEDgeNet Table of Contents 1 Requirements... 3 1.1 Shibboleth... 3 1.2 Administration Hierarchy... 3 2 Administration Hierarchy... 3 3 Manage Videos... 4 3.1 Supported Video Formats...

More information

ECAT SWE Exchange Customer Administration Tool Web Interface User Guide Version 6.7

ECAT SWE Exchange Customer Administration Tool Web Interface User Guide Version 6.7 ECAT SWE Exchange Customer Administration Tool SWE - Exchange Customer Administration Tool (ECAT) Table of Contents About this Guide... 3 Audience and Purpose... 3 What is in this Guide?... 3 CA.mail Website...

More information

For details about using automatic user provisioning with Salesforce, see Configuring user provisioning for Salesforce.

For details about using automatic user provisioning with Salesforce, see Configuring user provisioning for Salesforce. Chapter 41 Configuring Salesforce The following is an overview of how to configure the Salesforce.com application for singlesign on: 1 Prepare Salesforce for single sign-on: This involves the following:

More information

McAfee Cloud Identity Manager

McAfee Cloud Identity Manager Salesforce Cloud Connector Guide McAfee Cloud Identity Manager version 1.1 or later COPYRIGHT Copyright 2013 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted,

More information

SafeNet Authentication Manager

SafeNet Authentication Manager SafeNet Authentication Manager TECHNICAL BRIEF Using SafeNet Authentication Manager as Identity Provider for AirWatch Contents Description... 2 Single Sign-On Dataflow... 2 Identity Provider Configuration...

More information

CA Nimsoft Service Desk

CA Nimsoft Service Desk CA Nimsoft Service Desk Single Sign-On Configuration Guide 6.2.6 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation

More information

An overview of configuring WebEx for single sign-on. To configure the WebEx application for single-sign on from the cloud service (an overview)

An overview of configuring WebEx for single sign-on. To configure the WebEx application for single-sign on from the cloud service (an overview) Chapter 190 WebEx This chapter includes the following sections: "An overview of configuring WebEx for single sign-on" on page 190-1600 "Configuring WebEx for SSO" on page 190-1601 "Configuring WebEx in

More information

Moodle and Office 365 Step-by-Step Guide: Federation using Active Directory Federation Services

Moodle and Office 365 Step-by-Step Guide: Federation using Active Directory Federation Services Moodle and Office 365 Step-by-Step Guide: Federation using Active Directory Federation Services This document is provided as-is. Information and views expressed in this document, including URL and other

More information

IMPLEMENTING SINGLE SIGN- ON USING SAML 2.0 ON JUNIPER NETWORKS MAG SERIES JUNOS PULSE GATEWAYS

IMPLEMENTING SINGLE SIGN- ON USING SAML 2.0 ON JUNIPER NETWORKS MAG SERIES JUNOS PULSE GATEWAYS APPLICATION NOTE IMPLEMENTING SINGLE SIGN- ON USING SAML 2.0 ON JUNIPER NETWORKS MAG SERIES JUNOS PULSE GATEWAYS SAML 2.0 combines encryption and digital signature verification across resources for a more

More information

Setup Guide for Magento and BlueSnap

Setup Guide for Magento and BlueSnap Setup Guide for Magento and BlueSnap This manual is meant to show you how to connect your Magento store with your newly created BlueSnap account. It will show step-by-step instructions. For any further

More information

rat Comodo One Software Version 1.0 Administrator Guide Guide Version 1.0.071315 Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013

rat Comodo One Software Version 1.0 Administrator Guide Guide Version 1.0.071315 Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013 rat Comodo One Software Version 1.0 Administrator Guide Guide Version 1.0.071315 Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013 Table of Contents 1 Introduction to Comodo One... 3 2 Signing

More information

Charter Business Phone. Online Control Panel Getting Started Guide. Document Version 1.0

Charter Business Phone. Online Control Panel Getting Started Guide. Document Version 1.0 Charter Business Phone Online Control Panel Getting Started Guide Document Version 1.0 Table of Contents 1 About This Guide...4 2 Overview...5 2.1 Online Control Panel and Call Manager... 5 3 Manual and

More information

Federations 101. An Introduction to Federated Identity Management. Peter Gietz, Martin Haase

Federations 101. An Introduction to Federated Identity Management. Peter Gietz, Martin Haase Authentication and Authorisation for Research and Collaboration Federations 101 An Introduction to Federated Identity Management Peter Gietz, Martin Haase AARC NA2 Task 2 - Outreach and Dissemination DAASI

More information

T his feature is add-on service available to Enterprise accounts.

T his feature is add-on service available to Enterprise accounts. SAML Single Sign-On T his feature is add-on service available to Enterprise accounts. Are you already using an Identity Provider (IdP) to manage logins and access to the various systems your users need

More information

Integrating Autotask Service Desk Ticketing with the Cisco OnPlus Portal

Integrating Autotask Service Desk Ticketing with the Cisco OnPlus Portal Integrating Autotask Service Desk Ticketing with the Cisco OnPlus Portal This Application Note provides instructions for configuring Apps settings on the Cisco OnPlus Portal and Autotask application settings

More information

PORTAL ADMINISTRATION

PORTAL ADMINISTRATION 1 Portal Administration User s Guide PORTAL ADMINISTRATION GUIDE Page 1 2 Portal Administration User s Guide Table of Contents Introduction...5 Core Portal Framework Concepts...5 Key Items...5 Layouts...5

More information

Hosted VoIP Phone System. Admin Portal User Guide for. Call Center Administration

Hosted VoIP Phone System. Admin Portal User Guide for. Call Center Administration Hosted VoIP Phone System Admin Portal User Guide for Call Center Administration Contents Table of Figures... 4 1 About this Guide... 6 2 Accessing the Hosted VoIP Phone System Administration Portal...

More information

Google Apps Deployment Guide

Google Apps Deployment Guide CENTRIFY DEPLOYMENT GUIDE Google Apps Deployment Guide Abstract Centrify provides mobile device management and single sign-on services that you can trust and count on as a critical component of your corporate

More information

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity

More information

MY HELPDESK - END-USER CONSOLE...

MY HELPDESK - END-USER CONSOLE... Helpdesk User Guide Page 1 Helpdesk User Guide Table of Contents 1 INTRODUCTION... 3 1.1. OBJECTIVES... 3 1.2. END-USER CONSOLE... 3 1.3. SUMMARY OF RESPONSIBILITY... 3 1.4. HELPDESK INCIDENT LIFE CYCLE...

More information

CERTIFICATION CANDIDATE MANAGEMENT SYSTEM (CCMS) CANDIDATE USER GUIDE

CERTIFICATION CANDIDATE MANAGEMENT SYSTEM (CCMS) CANDIDATE USER GUIDE CERTIFICATION CANDIDATE MANAGEMENT SYSTEM (CCMS) CANDIDATE USER GUIDE THE IIA S GLOBAL CERTIFICATIONS DEPARTMENT OCTOBER 2014 CCSA CFSA CGAP CRMA Table of Contents Certification Candidate Handbook...5

More information

Getting Started with AD/LDAP SSO

Getting Started with AD/LDAP SSO Getting Started with AD/LDAP SSO Active Directory and LDAP single sign- on (SSO) with Syncplicity Business Edition accounts allows companies of any size to leverage their existing corporate directories

More information

SWITCH Resource Registry Guide

SWITCH Resource Registry Guide AAI Resource Registry Guide Authors: LH, TL AAI web page: http://www.switch.ch/ Contact: aai@switch.ch This guide is aimed at users of the SWITCH Resource Registry and is intended to serve as a complimentary

More information

DEPLOYMENT GUIDE Version 1.2. Deploying F5 with Oracle E-Business Suite 12

DEPLOYMENT GUIDE Version 1.2. Deploying F5 with Oracle E-Business Suite 12 DEPLOYMENT GUIDE Version 1.2 Deploying F5 with Oracle E-Business Suite 12 Table of Contents Table of Contents Introducing the BIG-IP LTM Oracle E-Business Suite 12 configuration Prerequisites and configuration

More information

Corporate Telephony Toolbar User Guide

Corporate Telephony Toolbar User Guide Corporate Telephony Toolbar User Guide 1 Table of Contents 1 Introduction...6 1.1 About Corporate Telephony Toolbar... 6 1.2 About This Guide... 6 1.3 Accessing The Toolbar... 6 1.4 First Time Login...

More information