Difference between revisions of "SSO Check List"

From IVS Wiki
Line 11: Line 11:
 
{{hr - 2}}
 
{{hr - 2}}
  
{{Section | color = #EEE | content =
 
 
===New System===
 
===New System===
 
If you have a new system, use this list to identify what needs to be done.
 
If you have a new system, use this list to identify what needs to be done.
{{hr}}
+
 
 +
{{Section | color = #EEE | content =
 
:{{Checkbox - checked | item = Identify desire to use SSO for [[Authentication Workflows | VALT authentication]].}}
 
:{{Checkbox - checked | item = Identify desire to use SSO for [[Authentication Workflows | VALT authentication]].}}
 
:{{Checkbox - empty | item = Server racked and patched. <em>**If a VM is being used, ensure you have completed our VM Validation**</em>.}}
 
:{{Checkbox - empty | item = Server racked and patched. <em>**If a VM is being used, ensure you have completed our VM Validation**</em>.}}
Line 23: Line 23:
 
}}
 
}}
  
{{Section | color = #BBB | content =
+
{{hr - 2}}
 +
 
 
===Existing System===
 
===Existing System===
 
If you have an existing system, use this list to identify what needs to be done.
 
If you have an existing system, use this list to identify what needs to be done.
{{hr}}
+
 
 +
{{Section | color = #BBB | content =
 
:{{Checkbox - checked | item = Identify desire to use SSO for [[Authentication Workflows | VALT authentication]].}}
 
:{{Checkbox - checked | item = Identify desire to use SSO for [[Authentication Workflows | VALT authentication]].}}
 
:{{Checkbox - empty | item = Create DNS entry for VALT and install an [[SSL Certs | SSL certificate]]. <em>**IVS can generate CSR's and install the certs.**</em>.}}
 
:{{Checkbox - empty | item = Create DNS entry for VALT and install an [[SSL Certs | SSL certificate]]. <em>**IVS can generate CSR's and install the certs.**</em>.}}
Line 41: Line 43:
 
<dd class="singleLineHeight">This refers to the service or application that manages and authenticates user identities, which VALT will use to verify login credentials.</dd>
 
<dd class="singleLineHeight">This refers to the service or application that manages and authenticates user identities, which VALT will use to verify login credentials.</dd>
 
<dt>Remote Sign-In URL</dt>
 
<dt>Remote Sign-In URL</dt>
<dd class="singleLineHeight">This is the URL provided by the IDP where users are redirected to initiate the login process.</dd>
+
<dd class="singleLineHeight">This is the URL provided by the IdP where users are redirected to initiate the login process.</dd>
 
<dt>Remote Sign-Out URL</dt>
 
<dt>Remote Sign-Out URL</dt>
<dd class="singleLineHeight">This URL leads to the IDP's logout page, where users can safely end their sessions, ensuring a secure sign-out process from VALT.</dd>
+
<dd class="singleLineHeight">This URL leads to the IdP's logout page, where users can safely end their sessions, ensuring a secure sign-out process from VALT.</dd>
 
<dt>Certificate in .cer format</dt>
 
<dt>Certificate in .cer format</dt>
 
<dd class="singleLineHeight">VALT requires a digital certificate in .cer format from the IDP to establish a secure, encrypted communication channel.</dd>
 
<dd class="singleLineHeight">VALT requires a digital certificate in .cer format from the IDP to establish a secure, encrypted communication channel.</dd>
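Review bot: The last <dd> in this hunk, under "Certificate in .cer format", still reads "from the IDP", while the Remote Sign-In URL and Remote Sign-Out URL entries just above it were changed to "IdP". Change this one to "IdP" as well so the abbreviation is spelled one way throughout the list.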

Revision as of 08:29, 1 April 2024

SAML Check List

Where to Begin?

Before SSO is configured on your VALT server, there are a few things that need to be done, set up, and understood. This article aims to help you identify where you are in the process and what steps need to be done before you configure SSO on your server!


SSO Checklist

The following items should be completed in order. Identifying where you are in this process is your first step!


New System

If you have a new system, use this list to identify what needs to be done.

☑ Identify desire to use SSO for VALT authentication.

☐ Server racked and patched. **If a VM is being used, ensure you have completed our VM Validation**.

☐ Create DNS entry for VALT and install an SSL certificate. **IVS can generate CSRs and install the certs.**

☐ Configure VALT to talk to an NTP server.

☐ Understand the SSO workflow.

☐ Understand VALT Users & Groups.


Existing System

If you have an existing system, use this list to identify what needs to be done.

☑ Identify desire to use SSO for VALT authentication.

☐ Create DNS entry for VALT and install an SSL certificate. **IVS can generate CSRs and install the certs.**

☐ Configure VALT to talk to an NTP server.

☐ Understand the SSO workflow.

☐ Understand VALT Users & Groups.


Required Information from IdP

Identity Provider (IdP) URL
This refers to the service or application that manages and authenticates user identities, which VALT will use to verify login credentials.
Remote Sign-In URL
This is the URL provided by the IdP where users are redirected to initiate the login process.
Remote Sign-Out URL
This URL leads to the IdP's logout page, where users can safely end their sessions, ensuring a secure sign-out process from VALT.
Certificate in .cer format
VALT requires a digital certificate in .cer format from the IdP to establish a secure, encrypted communication channel.

Optional Items

VALT is also able to map custom attributes to some of the following fields for a user:

Display Name Attribute
This specifies the user attribute (such as username or email) that VALT displays within the application.
Helpful when people are not easy to recognize by the username field.
Pin Code
This specifies the code used for authentication into BEAM.
Without one set, no pin is needed to enter BEAM.
Card Number
This specifies the card number associated with a user.
Only applies to customers with VALT Card Reader.
Email
The user's email can also be pulled into the system.
If the VALT application is not connected to a mail server, this field is not used for anything.

User Mapping

User mapping is used to map groups in the customer's system to groups within VALT. Users are mapped to VALT groups using attributes and values being passed from the IdP.

NOTE: SSO in VALT is a one-to-one mapping for groups.


Required

Name
The value to define the mapping. Used only in this section of VALT.
Attribute
The item that gets passed back to VALT.
User Value
The value of the item that gets passed back to VALT.
Group to Add
The group created on the VALT side that defines the user's rights in the application.
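
The following is an added example, not VALT's own code: a pre-deployment check of a mapping table that uses the four required fields above, run against a constructed SAML attribute statement. It assumes that "one to one" means each attribute/value pair points at exactly one VALT group and that values are compared as exact strings; the rule names, attribute names, and group names are made up for illustration.

```python
import xml.etree.ElementTree as ET
from collections import namedtuple

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# The four fields from the "Required" list; the Rule type itself is hypothetical.
Rule = namedtuple("Rule", "name attribute user_value group_to_add")

# Constructed sample rules and assertion fragment (not real VALT or IdP data).
RULES = [
    Rule("Faculty", "memberOf", "valt-faculty", "Instructors"),
    Rule("Students", "memberOf", "valt-students", "Observers"),
]
SAMPLE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="memberOf">
    <saml:AttributeValue>all-staff</saml:AttributeValue>
    <saml:AttributeValue>valt-faculty</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="mail">
    <saml:AttributeValue>jdoe@example.edu</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""

def check_rules(rules):
    """Return (attribute, value) pairs that are mapped to more than one group."""
    seen, conflicts = {}, []
    for r in rules:
        key = (r.attribute, r.user_value)
        if seen.setdefault(key, r.group_to_add) != r.group_to_add:
            conflicts.append(key)
    return conflicts

def assertion_attributes(xml_text):
    """Collect {attribute name: set of values} from an AttributeStatement."""
    attrs = {}
    for attr in ET.fromstring(xml_text).iter("{%s}Attribute" % SAML_NS):
        values = attr.findall("{%s}AttributeValue" % SAML_NS)
        attrs.setdefault(attr.get("Name"), set()).update(
            (v.text or "").strip() for v in values)
    return attrs

def matching_groups(rules, attrs):
    """Groups whose rule matches on attribute name and exact value (assumed)."""
    return [r.group_to_add for r in rules
            if r.user_value in attrs.get(r.attribute, set())]

if __name__ == "__main__":
    print("conflicting rules:", check_rules(RULES))
    print("groups for sample user:",
          matching_groups(RULES, assertion_attributes(SAMPLE)))
```

An empty result from matching_groups means the IdP is not sending the attribute or value a rule expects. This is the first thing to compare against the IdP's attribute release configuration when a user signs in but lands in no group.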