Difference between revisions of "SSO Check List"

From IVS Wiki
 
(55 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
__TOC__
 
__TOC__
{{Article | content = {{Checklist | list =  
+
{{Article | title = VALT SSO Check List | content =
=Where to Begin?=
+
==Where to Begin?==
Before SSO is configured on your VALT server, there are a few things that need to be done, setup, and understood. This article aims to help you identify where you are in the process and what steps might need to be done before you configure SSO on your server!
+
Before SSO is configured on your VALT server, there are a few things that need to be done, setup, and understood. This article aims to help you identify where you are in the process and what steps need to be done before you configure SSO on your server!
  
The following list of items should be done, in order. Identifying where you are in this process is your first step.
+
{{hr}}
  
<hr>
+
==SSO Checklist==
 +
The following list of items should be done before you configure SSO with VALT. Identifying where you are in this process is your first step!
  
=={{Checkbox - checked | item = SSO Checklist}}==
+
{{hr - 2}}
*{{Checkbox - empty | item = Recognize need/want for SSO}}
 
*{{Checkbox - empty | item = SAML discovery call}}
 
**{{Checkbox - empty | item = Understanding of VALT group mappings}}
 
**{{Checkbox - empty | item = Understanding of user creation and management}}
 
*{{Checkbox - empty | item = Server racked and patched}}
 
*{{Checkbox - empty | item = SSL certificate and NTP server installed}}
 
}}  
 
  
<hr>
+
===New System===
 +
If you have a <b>new system</b>, use this list to identify what needs to be done.
  
{{Aside | content = VALT is compatible with SAML 2.0}}
+
{{Section | color = #EEE | content =  
{{Aside | content = To access SSO on your system, you may need to reach out to our support team. [https://ivs.help IVS Support]}}
+
:{{Checkbox - checked | item = Identify desire to use SSO for [[Authentication Workflows | VALT authentication]].}}
*Browse to the the Fully qualified domain name and sign in with a local account
+
:{{Checkbox - empty | item = Server racked and patched. <em>**If a VM is being used, ensure you have completed our VM Validation**</em>.}}
*Click on admin
+
:{{Checkbox - empty | item = Create DNS entry for VALT and install an [[SSL Certs | SSL certificate]].
*Click on Users & Groups
+
::<em>**IVS can assist with generating CSRs and Installing Certificates, but you must source the SSL certificate internally**</em>.}}
*Along the top click on SSO and add SAML config
+
:{{Checkbox - empty | item = Configure VALT to talk to an NTP server.}}
 +
:{{Checkbox - empty | item = Understand the [[Authentication Workflows#SSO_Authentication | SSO workflow]].}}
 +
:{{Checkbox - empty | item = Understand VALT [[VALT_Technical_Specifications#Users_.26_Groups | Users & Groups]].}}
 +
}}
  
<hr>
+
{{hr - 2}}
  
==To configure SSO VALT needs the following information:==
+
===Existing System===
*Certificate in .cer format
+
If you have an <b>existing system</b>, use this list to identify what needs to be done.
*Identity Provider (IDP)
 
*Remote Sign-In URL
 
*Remote Sign-Out URL
 
*Display Name Attribute
 
*Any other custom attributes needed
 
[[File:SsoConfigInformation.png|link=]]
 
  
After SSO is configured browse to <code>https://<b><Server Address></b>/saml/metadata.xml</code> to grab the VALT metadata to add to your system
+
{{Section | color = #BBB | content =
 +
:{{Checkbox - checked | item = Identify desire to use SSO for [[Authentication Workflows | VALT authentication]].}}
 +
:{{Checkbox - empty | item = Create DNS entry for VALT and install an [[SSL Certs | SSL certificate]].
 +
::<em>**IVS can assist with generating CSRs and Installing Certificates, but you must source the SSL certificate internally**</em>.}}
 +
:{{Checkbox - empty | item = Configure VALT to talk to an NTP server.}}
 +
:{{Checkbox - empty | item = Understand the [[Authentication Workflows#SSO_Authentication | SSO workflow]].}}
 +
:{{Checkbox - empty | item = Talk with an IVS technician about how account migrations will look in your environment.}}
 +
}}
  
<hr>
+
{{hr}}
  
==User Mapping==
+
==Configuration==
<div class="floating_card">User mapping is used to map groups in the customer's system to groups within VALT</div>
+
Once you have that information, you can start looking at the [[Single Sign-On (SSO) | SSO configuration information.]]
{{Aside | content = <b>NOTE:</b> SSO in VALT is a one to one mapping for groups}}
 
  
===Required===
+
{{hr}}
Users are mapped to VALT groups using attributes and values being passed from the IdP.
 
<dl>
 
<dt>Name</dt>
 
<dd>The value to define the mapping. <em>Used only in this section of VALT.</em>
 
<dt>Attribute</dt>
 
<dd>The item that gets passed back to VALT.</dd>
 
<dt>User Value<dt>
 
<dd>The value of the item that gets passed back to VALT.</dd>
 
<dt>Group to Add</dt>
 
<dd>The group created on the VALT side that defines the user's rights in the application.</dd>
 
</dl>
 
[[File:SAML_UserMapping.png|link=]]
 
  
<hr>
+
[[VALT SSO| &#x293A; Back to VALT SSO Main Page]]
 
 
==Other Notes==
 
<h2>Moving from LDAP to SSO</h2>
 
*If moving from LDAP to SSO you have to add a custom attribute to map to the username so the usernames will match correctly
 
*To migrate current users to SSO the SQL command needs to be run on the database with the correct group ID
 
UPDATE users set ldap_sync_id = NULL, saml_config_id = 1, userType = 'local'  where deleted_at is null and group_id =
 
 
 
<hr>
 
 
 
<h2>Custom Attributes</h2>
 
*Custom Attributes can be usernames if you want to map to something specific or other information that you want to pull into VALT
 
 
 
<hr>
 
 
 
<h2>Additional Settings</h2>
 
*Shibboleth IDP's need the following settings specified:
 
<dl>
 
<dt>signAssertions:</dt>
 
  <dd>true</dd>
 
<dt>signResponses:<dt>
 
  <dd>true</dd>
 
<dt>encryptNameIDs:</dt>
 
  <dd>true</dd>
 
<dt>encryptAssertions:</dt>
 
  <dd>false</dd>
 
</dl>
 
 
}}
 
}}
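
Review bot: The new Configuration sentence, "Once you have that information, you can start looking at the SSO configuration information", has no antecedent left, because this revision removes the "To configure SSO VALT needs the following information" list (certificate in .cer format, Identity Provider, remote sign-in and sign-out URLs, display name attribute, other custom attributes). Either keep a short version of that list above the Configuration heading or reword the sentence so it points at the checklist items. The same revision also drops the User Mapping definitions, the LDAP-to-SSO migration notes and the Shibboleth settings (signAssertions, signResponses, encryptNameIDs, encryptAssertions); confirm these are carried on the linked Single Sign-On (SSO) page before they disappear from here. The removed UPDATE statement ends at "group_id =" with no value, so it should not be copied across as-is.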

Latest revision as of 14:52, 1 April 2024

VALT SSO Check List

Where to Begin?

Before SSO is configured on your VALT server, there are a few things that need to be done, set up, and understood. This article aims to help you identify where you are in the process and what steps need to be done before you configure SSO on your server!


SSO Checklist

The following list of items should be done before you configure SSO with VALT. Identifying where you are in this process is your first step!


New System

If you have a new system, use this list to identify what needs to be done.

☑ Identify desire to use SSO for VALT authentication.

☐ Server racked and patched. **If a VM is being used, ensure you have completed our VM Validation**.

☐ Create DNS entry for VALT and install an SSL certificate.

**IVS can assist with generating CSRs and Installing Certificates, but you must source the SSL certificate internally**.

☐ Configure VALT to talk to an NTP server.

☐ Understand the SSO workflow.

☐ Understand VALT Users & Groups.


Existing System

If you have an existing system, use this list to identify what needs to be done.

☑ Identify desire to use SSO for VALT authentication.

☐ Create DNS entry for VALT and install an SSL certificate.

**IVS can assist with generating CSRs and Installing Certificates, but you must source the SSL certificate internally**.

☐ Configure VALT to talk to an NTP server.

☐ Understand the SSO workflow.

☐ Talk with an IVS technician about how account migrations will look in your environment.


Configuration

Once you have that information, you can start looking at the SSO configuration information.

