Saba Cloud. Overview of SSO for mobile applications



Similar documents
Absorb Single Sign-On (SSO) V3.0

Increase the Security of Your Box Account With Single Sign-On

Configuring Single Sign-on from the VMware Identity Manager Service to WebEx

DATA SHEET Setup Tutorial

Integration Overview. Web Services and Single Sign On

Only LDAP-synchronized users can access SAML SSO-enabled web applications. Local end users and applications users cannot access them.

Configuring Single Sign-On from the VMware Identity Manager Service to Office 365

Configuring Single Sign-on from the VMware Identity Manager Service to Dropbox

Egnyte Single Sign-On (SSO) Installation for OneLogin

SAML-Based SSO Solution

Administering Jive Mobile Apps

Copyright Pivotal Software Inc, of 10

Configuring Single Sign-on from the VMware Identity Manager Service to ServiceNow

User Management Tool 1.5

For details about using automatic user provisioning with Salesforce, see Configuring user provisioning for Salesforce.

Connected Data. Connected Data requirements for SSO

Configuring Salesforce

HP Software as a Service. Federated SSO Guide

Active Directory Syncing

DualShield SAML & SSO. Integration Guide. Copyright 2011 Deepnet Security Limited. Copyright 2011, Deepnet Security. All Rights Reserved.

HP Software as a Service

Using the Jive for ios App

SAML-Based SSO Solution

Adding Single Sign-On to CloudPassage Halo

This manual will illustrate how to integrate your WordPress Blog or website with the Docebo Learning Management System.

CONFIGURATION GUIDE WITH MICROSOFT ACTIVE DIRECTORY FEDERATION SERVER

Add Microsoft Azure as the Federated Authenticator in WSO2 Identity Server

Building Secure Applications. James Tedrick

Getting Started with AD/LDAP SSO

OpenLogin: PTA, SAML, and OAuth/OpenID

An Overview of Samsung KNOX Active Directory-based Single Sign-On

SAML single sign-on configuration overview

FortyCloud Installation Guide. Installing FortyCloud Gateways Using AMIs (AWS Billing)

CloudCall for Salesforce- Quick Start Guide. CloudCall for Act! CRM Quick Start Guide

SalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy

Configuring. SuccessFactors. Chapter 67

Configuring SuccessFactors

Guide for Setting Up Your Multi-Factor Authentication Account and Using Multi-Factor Authentication. Mobile App Activation

An overview of configuring WebEx for single sign-on. To configure the WebEx application for single-sign on from the cloud service (an overview)

SecureAware on IIS8 on Windows Server 2008/- 12 R2-64bit

PARTNER INTEGRATION GUIDE. Edition 1.0

Single Sign On Integration Guide. Document version:

Administering Jive for Outlook

Dell One Identity Cloud Access Manager How to Develop OpenID Connect Apps

How to use Google Cloud Print

OpenID Connect 1.0 for Enterprise

Forumbee Single Sign- On

How To Use Saml 2.0 Single Sign On With Qualysguard

Configuring Parature Self-Service Portal

The increasing popularity of mobile devices is rapidly changing how and where we

DocuSign Single Sign On Implementation Guide Published: March 17, 2016

IBM WebSphere Application Server

Sharepoint server SSO

Tenrox. Single Sign-On (SSO) Setup Guide. January, Tenrox. All rights reserved.

Configuring on-premise Sharepoint server SSO

How to create a SP and a IDP which are visible across tenant space via Config files in IS

Agenda. Federation using ADFS and Extensibility options. Office 365 Identity overview. Federation and Synchronization

PingFederate. Windows Live Cloud Identity Connector. User Guide. Version 1.0

WaitListCheck. Management Innovation: Technology

Getting Started Guide for Developing tibbr Apps

Working with Indicee Elements

Office 365 deployment checklists

White Paper. McAfee Cloud Single Sign On Reviewer s Guide

Configuring EPM System for SAML2-based Federation Services SSO

SP-initiated SSO for Smartsheet is automatically enabled when the SAML feature is activated.

SPEECH REPOSITORY 2.0. Registration procedure

Getting Started with Clearlogin A Guide for Administrators V1.01

TRIPwire HSIN Federation:

Configuring. SugarCRM. Chapter 121

NCSU SSO. Case Study

Integrating ConnectWise Service Desk Ticketing with the Cisco OnPlus Portal

Office 365 deploym. ployment checklists. Chapter 27

Egnyte Single Sign-On (SSO) Configuration for Active Directory Federation Services (ADFS)

Step-by-Step guide for SSO from MS Sharepoint 2010 to SAP EP 7.0x

HGC SUPERHUB HOSTED EXCHANGE

To set up Egnyte so employees can log in using SSO, follow the steps below to configure VMware Horizon and Egnyte to work with each other.

Zendesk Integration Guide

ShareFile On-Demand Sync can be installed via EXE or MSI. Both installation types can be downloaded from

Copyright: WhosOnLocation Limited

Secure Your Enterprise with Usher Mobile Identity

Egnyte Single Sign-On (SSO) Installation for Okta

USING FEDERATED AUTHENTICATION WITH M-FILES

This release bulletin relates to Version build 2701 of the Swivel Authentication Platform and other new capabilities.

Encryption Procedures

Keeping access control while moving to the cloud. Presented by Zdenek Nejedly Computing & Communications Services University of Guelph

SCADA Security. Enabling Integrated Windows Authentication For CitectSCADA Web Client. Applies To: CitectSCADA 6.xx and 7.xx VijeoCitect 6.xx and 7.

Perceptive Experience Single Sign-On Solutions

OneLogin Integration User Guide

Remote Access End User Reference Guide for SHC Portal Access

An overview of configuring WebEx for single sign-on. To configure the WebEx application for single-sign on from the cloud service (an overview)

GENERAL OVERVIEW OF VARIOUS SSO SYSTEMS: ACTIVE DIRECTORY, GOOGLE & FACEBOOK

Configuring. Moodle. Chapter 82

How To Manage A Plethora Of Identities In A Cloud System (Saas)

Authentication Methods

In a browser window, enter the Canvas registration URL: silverlakemustangs.instructure.com

Web Meetings through VPN. Note: Conductor means person leading the meeting. Table of Contents. Instant Web Meetings with VPN (Conductor)...

AVG Business Secure Sign On Active Directory Quick Start Guide

Leveraging SAML for Federated Single Sign-on:

Guide for Setting Up Your Multi-Factor Authentication Account and Using Multi-Factor Authentication

Transcription:

Saba Cloud Overview of SSO for mobile applications

Introduction 2 Published: 05/13/2014 Part Number: U-SEC-1 Database management system:

TOC 3 Contents Chapter 1: SSO support by Saba Cloud mobile applications...5 What types of SSO are supported by the Saba Cloud mobile applications?...6 How do Saba Cloud mobile applications work in a SAML SSO-enabled environment?...6 What is the mobile user experience?...6 How do mobile applications interact with a SAML SSO-enabled Saba application?...7

4 TOC

Chapter 1 SSO support by Saba Cloud mobile applications Topics: What types of SSO are supported by the Saba Cloud mobile applications? How do Saba Cloud mobile applications work in a SAML SSO-enabled environment? This document is designed to answer your questions on the types of SSO supported by Saba Cloud native mobile applications and how it works.

SSO support by Saba Cloud mobile applications 6 What types of SSO are supported by the Saba Cloud mobile applications? Saba Cloud mobile applications only support SAML-based SSO. The token/certificate based SSO is not supported by the mobile applications. How do Saba Cloud mobile applications work in a SAML SSO-enabled environment? Note: The mobile applications do not support auto-login for SAML enabled tenant as we do not store password for SAML tenants. What is the mobile user experience? The following process describes user experience when logging in to a native mobile application to connect to a SAML-enabled environment. 1. After tapping the icon to open the application, a user is presented with a screen to enter the site/tenant name. Once the user clicks Enter, the mobile application validates the site/tenant name and checks whether the site is SAML SSO-enabled. 2. If the site/tenant is SAML-enabled, a third-party SAML provider login page opens within the mobile application. Once the user enters the login credentials and clicks Login, if the login credentials are valid, the user is granted access to the mobile application. Otherwise, the user stays in the same login page.

SSO support by Saba Cloud mobile applications 7 How do mobile applications interact with a SAML SSO-enabled Saba application? The following process describes how the mobile application authenticates users in a SAML-enabled environment. User Interaction Application Behaviour 1. After tapping the icon to open the applic~ ation, a user is presen~ ted with a screen to enter the tenant name. Once the user clicks Enter, the mobile ap~ plication validates the tenant name and checks whether the site is SAML SSO-enabled. Once the user inputs the site/tenant name, the mobile application first validates whether the name is correct using the tenant manager api. If the name is valid, the tenant manager api returns a JSON response that includes vanity url, socialfullurl and site name. All three values are preserved and used for the duration of the session. Next, the mobile application executes a REST API call to verify whether the site is SAML-enabled. For example: http://<machine:host>/saba/api/sitecon~ fig?sitename=<sitename> The JSON response indicates whether SAML is enabled for the particular site or not. For example: "issamlenabled": "true"

SSO support by Saba Cloud mobile applications 8 User Interaction Application Behaviour 2. If the site/tenant is If SAML is enabled, the Login page provided by a third-party SAML SAML-enabled, a vendor is obtained from the above JSON response. third-party SAML pro~ The URL for the login page is formed using the vanity URL obtained vider login page opens earlier from the tenant manager JSON. A web view is used to open within the mobile ap~ plication. the URL. The URL is opened embedded in the mobile application. The vanity URL looks as follows and redirects the user to a login page provided by a third-party SAML vendor. Once the user enters the login credentials and clicks Login, if the https://saba.sabapeoplecloud.com?is~ login credentials are Mobile=true. valid, the user is gran~ ted access to the mo~ If the user enters valid login credentials in the third-party SAML bile application. vendor login screen, the Saba server receives a successful authentic~ ation from the SAML vendor. Upon successful authentication, the Otherwise, the user Saba server generates a Saba Certificate and sends the following stays in the same login URL to the mobile application: page. tonative::sabacertificate::<actual_certific~ ate> The mobile application recognizes the URL starting with thetonat~ ive:: prefix and extracts the Saba Certificate from it. The certificate is stored by the mobile application for the duration of the session and is used for all REST API calls.