Difference between revisions of "Single Sign-On (SSO)"
IVSWikiBlue (talk | contribs) |
IVSWikiBlue (talk | contribs) |
||
Line 85: | Line 85: | ||
</dl> | </dl> | ||
− | {{hr | + | {{hr}} |
[[VALT SSO| ⤺ Back to VALT SSO Main Page]] | [[VALT SSO| ⤺ Back to VALT SSO Main Page]] | ||
}} | }} |
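Review bot: The `}}` on the line after the back link is unchanged on both sides, so once `{{hr` becomes `{{hr}}` it has no opening `{{` left to close in the lines shown and would be emitted as literal text after the link. If it only existed to close the old `{{hr`, drop it in the same edit.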
Revision as of 09:47, 1 April 2024
SSO Configuration
⚠VALT is compatible with SAML 2.0.
✎To access SSO on your system, you may need to reach out to our support team. IVS Support
The Basics
Before configuring SSO in VALT, please make sure you've completed our SSO Check List.
You can also schedule an SSO Discovery at our booking site under Schedule a Support Session. There, we will discuss the prerequisites for configuring your VALT server to utilize SSO Authentication.
Required Information from IdP
🕮As of VALT 6, the metadata file from the IdP will be required for configuring SSO.
- Identity Provider (IdP) URL
- This refers to the service or application that manages and authenticates user identities, which VALT will use to verify login credentials.
- Remote Sign-In URL
- This is the URL provided by the IdP where users are redirected to initiate the login process.
- Remote Sign-Out URL
- This URL leads to the IdP's logout page, where users can safely end their sessions, ensuring a secure sign-out process from VALT.
- Certificate in .cer format
- VALT requires a digital certificate in .cer format from the IdP to establish a secure, encrypted communication channel.
User Mapping
User mapping is used to map users to groups. This mapping is done through the attributes and values being passed from the IdP. VALT's SSO uses a 1:1 mapping for groups.
Required
- Name
- The value to define the mapping.
- Used only in this section of VALT.
- Attribute
- The item that gets passed back to VALT.
- User Value
- The value of the item that gets passed back to VALT.
- Group to Add
- The group created on the VALT side that defines the user's rights in the application.
Optional Items
VALT is also able to map custom attributes to some of the following fields for a user. Below are the user account fields that can be assigned through SSO.
- Display Name Attribute
- This specifies the user attribute (such as username or email) that VALT displays within the application.
- Helpful when people are not easy to recognize by the username field.
- Pin Code
- This specifies the code used for authentication into BEAM.
- Without one set, no pin is needed to enter BEAM.
- Card Number
- This specifies the card number associated with a user.
- Only applies to customers with VALT Card Reader.
- The user's email can also be pulled into the system.
- If the VALT application is not connected to a mail server, this field is not used for anything.
Additional Settings
Shibboleth needs the following settings configured to function with VALT.
- signAssertions: true
- signResponses: true
- encryptNameIDs: true
- encryptAssertions: false
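
A structural check for the four Shibboleth settings above, as an added example that is not part of the VALT or Shibboleth documentation: it inspects a captured SAML 2.0 Response for the elements each setting produces (`ds:Signature` on the Response and on the Assertion, a plain `Assertion`, and `saml:EncryptedID` in the Subject). The function names and the skeleton response are constructed for illustration, and no signature is cryptographically verified.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def check_response_shape(xml_text):
    """List mismatches with the four settings; an empty list means the shape matches.
    Structural check only: no signature is cryptographically verified here."""
    root = ET.fromstring(xml_text)  # run only on responses captured from your own IdP
    if root.tag != "{%s}Response" % NS["samlp"]:
        return ["root element is not samlp:Response"]
    problems = []
    # find() with a bare child path matches direct children only, so an
    # assertion-level signature cannot be mistaken for a response-level one.
    if root.find("ds:Signature", NS) is None:
        problems.append("signResponses: Response has no ds:Signature")
    if root.find("saml:EncryptedAssertion", NS) is not None:
        problems.append("encryptAssertions: EncryptedAssertion present, expected false")
    assertions = root.findall("saml:Assertion", NS)
    if not assertions:
        problems.append("no unencrypted saml:Assertion found")
    for assertion in assertions:
        if assertion.find("ds:Signature", NS) is None:
            problems.append("signAssertions: Assertion has no ds:Signature")
        subject = assertion.find("saml:Subject", NS)
        if subject is None or subject.find("saml:EncryptedID", NS) is None:
            problems.append("encryptNameIDs: Subject has no saml:EncryptedID")
    return problems

def sample_response(sign_response=True, sign_assertion=True, encrypt_name_id=True):
    """Constructed skeleton for the demo: empty placeholders, no real signatures or keys."""
    sig = "<ds:Signature/>"
    name = "<saml:EncryptedID/>" if encrypt_name_id else "<saml:NameID>jdoe</saml:NameID>"
    return ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" xmlns:ds="%s">%s'
            "<saml:Assertion>%s<saml:Subject>%s</saml:Subject></saml:Assertion>"
            "</samlp:Response>") % (NS["samlp"], NS["saml"], NS["ds"],
                                    sig if sign_response else "",
                                    sig if sign_assertion else "", name)

if __name__ == "__main__":
    print(check_response_shape(sample_response()))
    print(check_response_shape(sample_response(encrypt_name_id=False)))
```
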
⤺ Back to VALT SSO Main Page