SchoolBooking SSO Integration Guide

Similar documents
SchoolBooking LDAP Integration Guide

NSi Mobile Installation Guide. Version 6.2

SecureAware on IIS8 on Windows Server 2008/- 12 R2-64bit

SCADA Security. Enabling Integrated Windows Authentication For CitectSCADA Web Client. Applies To: CitectSCADA 6.xx and 7.xx VijeoCitect 6.xx and 7.

How To - Implement Single Sign On Authentication with Active Directory

Active Directory Integration. Documentation. v1.02. making your facilities work for you!

Configure Single Sign on Between Domino and WPS

Active Directory Requirements and Setup

Office 365 deployment checklists

For details for obtaining this later version; see the Known issues & Limitations, section at the end of this document.

NovaBACKUP xsp Version 15.0 Upgrade Guide

Creating a generic user-password application profile

Setting up a Scheduled task to upload pupil records to ParentPay

Office 365 deploym. ployment checklists. Chapter 27

Schools Remote Access Server

How to Log in to LDRPS-Web v10 (L10)

How To - Implement Clientless Single Sign On Authentication with Active Directory

Montefiore Portal Quick Reference Guide

Defender Token Deployment System Quick Start Guide

MSSQL quick start guide

How To - Implement Clientless Single Sign On Authentication in Single Active Directory Domain Controller Environment

Configuring SuccessFactors

Junos Pulse VPN Client Installation

How To Create An Easybelle History Database On A Microsoft Powerbook (Windows)

Alert Notification of Critical Results (ANCR) Public Domain Deployment Instructions

User Management Tool 1.5

Windows XP Exchange Client Installation Instructions

IIS, FTP Server and Windows

Wireless Network Configuration Guide

Active Directory Integration

NetIQ Advanced Authentication Framework - MacOS Client

Configuring Salesforce

EURECOM VPN SSL for students User s guide

Automatic Setup... 1 Manual Setup... 2 Installing the Wireless Certificates... 18

Configuring Sponsor Authentication

Quick Start Guide. IT Management On-Demand

Upgrade of Business Systems Data Warehouse Reporting

An overview of configuring Intacct for single sign-on. To configure the Intacct application for single-sign on (an overview)

Lytecube Technologies. EnCircle Automation. User Guide

LDAP Implementation AP561x KVM Switches. All content in this presentation is protected 2008 American Power Conversion Corporation

Setting up Sharp MX-Color Imagers for Inbound Fax Routing to or Network Folder

Microsoft Outlook Setup With Exchange Server. Outlook

Configuring. SuccessFactors. Chapter 67

How to register and use our Chat System

Click Studios. Passwordstate. Installation Instructions

Citrix Remote Access Portal U s e r M a n u a l

Virto Password Reset Web Part for SharePoint. Release Installation and User Guide

Other documents in this series are available at: servernotes.wazmac.com

Allianz Global Investors Remote Access Guide

BusinessObjects Enterprise XI Release 2

Installation Guide For Choic Enterprise Edition

VPN Web Portal Usage Guide

How to Access Coast Wi-Fi

Tenrox. Single Sign-On (SSO) Setup Guide. January, Tenrox. All rights reserved.

Configuring Color Access on the WorkCentre 7120 Using Microsoft Active Directory Customer Tip

Establishing two-factor authentication with Barracuda NG Firewall and HOTPin authentication server from Celestix Networks

For details about using automatic user provisioning with Salesforce, see Configuring user provisioning for Salesforce.

TECHNICAL NOTE. The following information is provided as a service to our users, customers, and distributors.

Active Directory Integration

Note: With v3.2, the DocuSign Fetch application was renamed DocuSign Retrieve.

Installation Guide v3.0

How to remotely access your Virtual Desktop from outside the college using VMware View Client. How to guide

Migrating TimeForce To A New Server

Using Remote Web Workplace Version 1.01

Sage 200 Web Time & Expenses Guide

Extending Remote Desktop for Large Installations. Distributed Package Installs

Global Knowledge European Remote Labs Accessing the Remote Labs portal from Windows

Working Together - Your Apple Mac and Microsoft Windows

User Roles & Adding Domains & Users

SSL VPN Setup for Windows

RMS Cloud - Setup Instructions for Windows Computers

How to Implement the X.509 Certificate Based Single Sign-On Solution with SAP Netweaver Single Sign-On

Professional Mailbox Software Setup Guide

Authentication Methods

Setup Corporate (Microsoft Exchange) . This tutorial will walk you through the steps of setting up your corporate account.

Connecting to the University Wireless Network

Remote Access End User Reference Guide for SHC Portal Access

WebSpy Vantage Ultimate 2.2 Web Module Administrators Guide

Click Studios. Passwordstate. Installation Instructions

WHMCS LUXCLOUD MODULE

How to Move an SAP BusinessObjects BI Platform System Database and Audit Database

Case Closed Installation and Setup

Installation and Setup Guide

CWOPA Broadband Users. Windows Operating System

How to configure the TopCloudXL WHMCS plugin (version 2+) Update: Version: 2.2

Password Manager. Version Password Manager Quick Guide

Webmail Access. Contents

Using the Remote Desktop Portal

Installing SQL Express. For CribMaster 9.2 and Later

VERALAB LDAP Configuration Guide

Millbeck Communications. Secure Remote Access Service. Internet VPN Access to N3. VPN Client Set Up Guide Version 6.0

Active Directory Authentication Integration

SMART Vantage. Installation guide

Use Enterprise SSO as the Credential Server for Protected Sites

Configuring Parature Self-Service Portal

WINDOWS 7 & HOMEGROUP

Windows 7 Hula POS Server Installation Guide

Exchange 2013 mailbox setup guide

OneLogin Integration User Guide

Test Case 3 Active Directory Integration

Transcription:

SchoolBooking SSO Integration Guide Before you start This guide has been written to help you configure SchoolBooking to operate with SSO (Single Sign on) Please treat this document as a reference guide, your individual network / servers may need to be configured in a different manner than described within this document. You will also notice we use examples referring to Microsoft IIS. If you use another Web service such as Apache you will find that some of the wording / functions are slightly different from the guide. Do not make changes to your network or servers unless you fully understand what you are doing. Please read this guide thoroughly before trying to configure SSO. Introduction SchoolBooking supports SSO and when setup basically means that when one of your users visits your portal / login page whilst within your network they will be automatically logged in to SchoolBooking using their Network / LDAP Credentials SSO will not work without LDAP setup, if you haven t already got LDAP setup for your site please refer to the [LDAP & User Registration] module from Administration. SSO is supported by Internet Explorer and Chrome, if you are using another browser please revert back to Internet Explorer / Chrome for testing. There are many advantages of using SSO, mainly being your users will not need to remember any details whilst using the SchoolBooking service from within your network.

Prerequisites LDAP must be configured and running before you start to setup SSO. You will need an IIS or compatible webserver server joined to the same domain as your users are working within. Technical overview SSO is primarily designed to work on intranets and not on external websites. For us to work around this we ask you to host a small script on your locally hosted webserver which picks up the users credentials just like a local intranet would. We then forward these credentials securely via HTTPS to SchoolBooking and initiate a process which automatically logs the user on. Restriction wise SSO will follow the filters you have put in place within LDAP. So if a user doesn t fall within the specified LDAP filter they will not be logged in. This flow diagram shows how SchoolBooking will work once you have configured all 5 SSO steps. User starts at SchoolBooking login page SchoolBooking checks on SSO Detection rules to see if SSO should be initiated. User is likely to be outside of the network, so they will be asked to enter their credentials manually. NO SSO YES SSO SchoolBooking starts communicating with your locally hosted script and obtains users details LDAP is queried If LDAP security check passes, user is automatically logged in

We have written this guide to take you through step by step each part of the Admin interface. Please follow this guide as you run through the SSO Administration page online. Step 1 Passing Network Authentication Script Please download the script and un-compress it from the zip file. You will need to create a separate folder within IIS for it to work. An example would be c:\inetpub\mywebsite\schoolbooking\sb.php. Once in place you need to let SchoolBooking know how it can access this script (you can rename it if you want). Please make sure you use an external address rather than internal to your webserver i.e. if you were at home what would you type into your browser to get to this file. www.mywebsite.com/schoolbooking.com/sb.php Step 2 Script Setup As step 2 is slightly more technical it has been broken down in to separate parts. Custom settings The script needs to know who you are as well as some security information. We have generated what you need to put into the script, so simply copy it from Step 2 and add it to the top of your newly hosted script. Making SSO work on your network. There are two things you will need to do to make your network pass network details to the script. 1 You will need to configure your IIS Server aware that is going to pick up user details.

Load IIS and select the folder which contains your script and click the Authentication Icon Switch on [Windows Authentication] and ensure that all other authentication methods are off. 2 The web address you specified in the previous step must be listed as part of the Local Intranet within Internet Explorer on your client workstations. For testing purposes you can manually add the address by loading Internet Explorer > Internet Options > Security > Local Intranet. Tip: - We recommend you use Group Policy to roll this setting out across your whole network, to do this edit a policy and look under: Under User Configuration, expand Polices > Windows settings >Internet Explorer Maintenance >Security Double click Security Zones and Content Ratings, then chose Import the current security zones and privacy settings. Click Continue, and then click Modify Settings. In the Internet Properties windows chose Security tab, then click Local intranet, click Sites to add and type your script location (be sure to use the external address) Testing the Script You may have noticed whilst editing the now locally hosted SchoolBooking script there was a debug option. Go ahead and test the script by changing this Yes (and saving) and then load your Internet Explorer or Chrome and point your browser at your script i.e. http://www.mywebsite/schoolbooking.com/sb.php A test will hopefully confirm all is working. Once you are happy that everything has passed switch the Debug option to No.

Step 3 LDAP Authentication Unlike pure LDAP login, SchoolBooking is not sent the users full credentials i.e. username and password but instead a token. This means that unlike standard LDAP logins we have no username or password to be able to offer your servers to begin a query against your LDAP directory. This means you will need to setup an account we can use to query your LDAP as users logon. This account does not need any high level permission, it can be quite restricted, but we suggest you test limiting this once all is working. Step 4 SSO Detection Most of our sites allow their users to use SchoolBooking within the network but also at home. This could cause some problems as SchoolBooking won t automatically know when to be looking for an SSO token or when to be asking for credentials manually. We have two ways around this issue. 1 SchoolBooking can detect the public facing IP address is of anyone browsing the internet from your organisation. If this address is added into SchoolBooking we will then initiate SSO upon seeing this IP Address and if we don t see it we will revert back to asking for the user to type their credentials in manually. We allow you to enter a range when specifying your Public IP as you may have more than one externally facing IP address (ask your broadband provider for more details) If you want to force SSO continuously no matter what address the user is coming from Type ALL in both the From and To boxes. SchoolBooking will then initiate the SSO on every visit no matter where the client is. The problem of this is when a user is outside of your domain and accesses SchoolBooking the script specified in Step 1 will be requested, and as your webserver doesn t know who the user is it will display a very standard Windows Login prompt without much detail, this may confuse the user. Another way of initiating SSO from within your network is to leave the address range blank and simply roll out a SSO shortcut (shown at the bottom of Step 4). This Shortcut should again only be used within your network so when users are at home they use a regular SchoolBooking website / shortcut otherwise they will again be faced with a windows logon dialogue box. Step 5 Enable / Disable All should now be in place for you to enable SSO for your site. We recommend you make a copy of the web address at the bottom of step 5, this is a manual way of avoiding SSO and will be needed if

you want to log back into SchoolBooking with a local SchoolBooking account such as Admin rather than your SSO account. For more information For more information on SchoolBooking or to find out more about SSO please contact our customer service team: You can email us at customer.services@schoolbooking.com Call us within the United Kingdom on 08456 436 210 or 01903 867778 Or for International users, please call +44 1903 867778 Thank you for using SchoolBooking

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information