Difference between revisions of "Single Sign-On (SSO)"
IVSWikiBlue (talk | contribs) |
IVSWikiBlue (talk | contribs) |
||
Line 41: | Line 41: | ||
}} | }} | ||
{{Article| title = Other Notes | content = | {{Article| title = Other Notes | content = | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
<h2>Custom Attributes</h2> | <h2>Custom Attributes</h2> | ||
*Custom Attributes can be usernames if you want to map to something specific or other information that you want to pull into VALT | *Custom Attributes can be usernames if you want to map to something specific or other information that you want to pull into VALT |
Revision as of 08:32, 1 April 2024
✎VALT is compatible with SAML 2.0
VALT SSO
✎To access SSO on your system, you may need to reach out to our support team. IVS Support
- Browse to the the Fully qualified domain name and sign in with a local account
- Click on admin
- Click on Users & Groups
- Along the top click on SSO and add SAML config
To configure SSO VALT needs the following information:
- Certificate in .cer format
- Identity Provider (IDP)
- Remote Sign-In URL
- Remote Sign-Out URL
- Display Name Attribute
- Any other custom attributes needed
After SSO is configured browse to
https://<Server Address>/saml/metadata.xml
to grab the VALT metadata to add to your systemUser Mapping
User mapping is used to map groups in the customer's system to groups within VALT
✎NOTE: SSO in VALT is a one to one mapping for groups
Required
Users are mapped to VALT groups using attributes and values being passed from the IdP.
- Name
- The value to define the mapping. Used only in this section of VALT.
- Attribute
- The item that gets passed back to VALT.
- User Value
- The value of the item that gets passed back to VALT.
- Group to Add
- The group created on the VALT side that defines the user's rights in the application.
Other Notes
Custom Attributes
- Custom Attributes can be usernames if you want to map to something specific or other information that you want to pull into VALT
Additional Settings
- Shibboleth IDP's need the following settings specified:
- signAssertions:
- true
- signResponses:
- true
- encryptNameIDs:
- true
- encryptAssertions:
- false