Integrating the YuJa Enterprise Video Platform with Dell Cloud Access Manager (SAML)


1. Overview

This document is intended to guide users on how to integrate their institution's Dell Cloud Access Manager (DCAM) server as an SSO system to log users into the YuJa Enterprise Video Platform. Once configured properly, a user trying to access YuJa services will first be redirected to the IDP that DCAM is set up with to log in, then redirected back to YuJa, where they will be verified and logged in.

2. Setup

Configuration involves creating a new application in the One Identity Cloud Access Manager console, then integrating the DCAM server on the YuJa side. Once both sides are properly configured, finalizing setup involves a test SSO using DCAM as the IDP, then activating the new SSO so that users from your institution can log in via the DCAM system.

NOTE: For some steps, <institution> is to be replaced by the wildcard DNS of the institution associated with YuJa. As an example, for https://hudson.yuja.com, <institution> would be replaced by hudson.

2.1 Adding YuJa as an Application in the Cloud Access Manager Console

1. On your DCAM server, go to: https://<dcam domain>/cloudaccessmanager/ui/admin/go
   If required to log in, do so with valid credentials.
2. In the Home tab, in the Applications section, click Add New.
3. Click Configure Manually.
4. Under Federated SSO Methods, select SAML. Click Next.
5. Enter the settings manually:

   Parameter: Value
   Assertion Consumer Service URLs Recipient: https://<institution>.yuja.com/d/samlreceiveresponse
   Audience / SP Identity: https://<institution>.yuja.com
   Logout: Provide your preferred logout URL.
   Upload signing certificate: YuJa does not sign nor encrypt authentication requests, so do not upload a signing certificate.
   Upload certificate: YuJa does not support encrypted authentication responses, so do not upload an encryption certificate.

6. Click Next.
7. Select Use the username (subject) provided by Your Authenticator. Click Next.
8. Select Do not proxy this application. Click Next.
9. For each of Admin and Users, select it and click Allow Role Access. Click Next.
10. Enter an Application Name, for example YuJa. Click Next.
11. Enter the following information:
    a. SSO Mode - SP Initiated.
    b. URL - https://<institution>.yuja.com/d/samlauthentication.
    c. Section - Applications.
    d. Title - <The Application Name>.
    e. Description - <An optional description>.
    f. Select Add application to application portal home.
    g. Do not select Allow users to remove application from application portal home.
    h. Click Finish.
12. On the Application Created page, the Certificate is needed to configure the YuJa side. Do not download it. Simply save the text body (i.e. exclude the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines, only saving the middle section).
13. In the left sidebar, under Applications, go to View and Edit.
14. Double-click on the new application just created.
15. In the left sidebar, go to Token Settings.

16. For samltoken.name_id, select urn:oasis:names:tc:saml:1.1:nameid-format:emailaddress.
17. For samltoken.signature, select AssertionOnly.
18. Leave all the other settings as their default values. Click Finish.

DCAM configuration is now complete. Follow the instructions below to configure YuJa.

2.2 YuJa Platform Side SAML Configuration

1. Navigate to your institution's YuJa domain (i.e. https://<institution>.yuja.com).
2. Log in as an IT Manager.
3. In the Main Menu located in the top right corner, go to the Admin Panel tab.
4. In the left sidebar, go to Integrations.
5. Under Select an API to configure, choose SSO DCAM (SAML).
6. Enter the following configuration parameters:

   Parameter: Value
   IDP Login URL: The IDP Login URL of your created Application. It can be found under the Federation Settings tab in the DCAM Application.
   Name ID Format: urn:oasis:names:tc:saml:1.1:nameid-format:emailaddress
   Remote Logout URL: <Leave this blank>

   DCAM Signing Certificate Fingerprint: Retrieve the certificate you obtained from the DCAM configuration. Follow the steps under How to derive the thumbprint from a certificate in the Additional Tools section of this document.
   Given Name Attribute: The name of the attribute in the SAML Response** describing the user's given name (i.e. first name).
     - For example: urn:oid:2.5.4.42
   Family Name Attribute: The name of the attribute in the SAML Response** describing the user's family name (i.e. last name, surname).
     - For example: urn:oid:2.5.4.4
   Email Attribute: The name of the attribute in the SAML Response** describing the user's email address.
     - For example: urn:mace:dir:attribute-def:mail
   Role Attribute: The name of the attribute in the SAML Response** describing the user's role.
     - For example: urn:mace:dir:attribute-
   IT Manager:
     - A comma separated list of values can be used.
     - If the value received in the Role Attribute matches any of these values, the user will be provisioned as an IT manager.
     - For example: IT Manager
   Instructor:
     - A comma separated list of values can be used.
     - If the value received in the Role Attribute matches any of these values, the user will be provisioned as an instructor.
     - For example: Instructor or Instructor,Teacher,TA

   Automatically sync data on user login: If checked, whenever a user logs in via ADFS their basic information will be updated based on the data received in the SAML response token.

   ** To obtain a sample SAML Response, first follow the instructions under Useful Chrome Plugin for Debugging SAML Tokens in the Additional Tools section of this document. Once installed, perform a Test SAML Login (as described in step 10), making sure the plugin is open before logging in so that it can read the SAML Response token.

   Note: When first creating the SSO system, you can leave the User Provisioning fields blank so that you can first perform a Test SAML Login to retrieve the values. Then you can always enter the values and save your configuration.

7. Click Create.
8. Click OK in the confirmation dialog popup.
9. If required, you can update the configuration settings if you made a mistake. Simply click Save to keep the changes.
10. To test if the configuration is correct, click Test SAML Login. This should open a new tab and navigate to the IDP that your DCAM server is set up with, prompting a login.
11. Enter valid login credentials and log in.
12. You should be redirected back to YuJa, signed in as a new user.

    NOTE: Logging in as a new user will log the original account out. Log out of the newly created account and log back in as an IT Manager. Then navigate back to Admin Panel > Integrations > SSO DCAM (SAML).
13. Once you have verified that the DCAM SSO works, you can choose to activate the new authentication scheme for your institution.
    IMPORTANT: Only activate the new authentication scheme after you have successfully performed a test login and are ready to make it available for all users in your institution.

2.3 Dual Integration with LTI

Overview

If your institution has enabled both LMS Integration via LTI and also SSO access, then you have the choice to link the two integrations. We generally recommend this because it means that irrespective of whether your users log in via their LMS or their SSO, they will be presented with the same YuJa account information. In contrast, if Dual Integration with LTI is not set up, a user who uses both their LMS and SSO with YuJa will be provisioned with two separate accounts, which in many cases isn't ideal.

How It Works

If your LTI provider within your LMS can be configured to provide YuJa with a unique identifier for the user in the ADFS system, it is possible to link the two accounts.

1. Configure your LMS to pass a custom LTI parameter to the YuJa tool called lis_person_sourcedid which contains the cross-matching SSO value. This can be an email, employee ID, or other field. You may need to consult your LMS platform's product documentation on how to set custom LTI parameters. YuJa will make use of this feature to link the two login methods to the same account.
2. Obtain the specific attribute name used in the SAML Response token whose value corresponds to the unique identifier used by the LTI provider.
   a. For example, if the unique identifier is the user's email address, then the linkage attribute might be urn:mace:dir:attribute-def:mail
   b. A complete list of the possible attribute names can be found in the DCAM metadata file, in the Attribute tags.
3. Enter this value into the Linkage Attribute field.
   Note: This textbox will only appear if your institution has enabled LTI access.

4. Click Save.
5. Now, when logging in for the first time via DCAM (SAML), the YuJa system will search for a link with an LTI account using the value of the linkage attribute. If found, the DCAM (SAML) account will be linked to the existing account. Otherwise, a new account will be provisioned as normal. All logins past the first one will continue to link to the YuJa account created or found on the first login.

3. Usage

Once both sides have been configured and the SAML SSO has been activated, it is easy to test and see if everything was done properly.

1. Go to the institution's YuJa domain (i.e. https://<institution>.yuja.com) and press Login. This should redirect the user to the IDP that your DCAM server is set up with.
2. Enter valid credentials and sign in.
3. Once authenticated, the user should be redirected back to YuJa, and the login is a success.

4. Additional Tools

4.1 How to Derive the Fingerprint of a Certificate

The fingerprint of the IDP's certificate is used for additional security purposes when the SP is verifying a SAML response from the IDP. To derive the certificate's fingerprint, follow the instructions below:

1. Once you have the certificate, go to the following website: https://www.samltool.com/fingerprint.php
2. Paste the certificate in the X509 cert textbox.
3. Make sure sha1 is selected as the Algorithm.
4. Click Calculate Fingerprint.
5. Copy the FingerPrint value generated. This is the value used in the database.

Note: The fingerprint should be an array of 20 bytes for sha1.
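Added example (not part of the original YuJa document): the same SHA-1 fingerprint can be derived locally, directly from the base64 text saved in step 12 of section 2.1, with or without the BEGIN/END lines. The function names are illustrative, and because the separator format YuJa expects is not stated here, the comparison helper ignores separators and case.

```python
import base64
import binascii
import hashlib
import hmac
import re

PEM_LINE = re.compile(r"-----(BEGIN|END) CERTIFICATE-----")


def cert_fingerprint(cert_text: str, algorithm: str = "sha1") -> str:
    """Return the colon-separated hex fingerprint of a certificate.

    Accepts full PEM or only the base64 body, with any line wrapping.
    The fingerprint is the hash of the DER bytes, i.e. the decoded body.
    """
    body = "".join(PEM_LINE.sub("", cert_text).split())
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"certificate body is not valid base64: {exc}") from exc
    if not der:
        raise ValueError("certificate body is empty")
    digest = hashlib.new(algorithm, der).digest()
    return ":".join(f"{b:02X}" for b in digest)


def normalize(fingerprint: str) -> str:
    """Drop separators and case so differently formatted values compare equal."""
    return re.sub(r"[^0-9a-fA-F]", "", fingerprint).lower()


def fingerprints_match(a: str, b: str) -> bool:
    """Compare two fingerprints regardless of colons, spaces or case."""
    return hmac.compare_digest(normalize(a), normalize(b))


if __name__ == "__main__":
    # Constructed stand-in body (base64 of b"abc"), NOT a real certificate.
    sample = "-----BEGIN CERTIFICATE-----\nYWJj\n-----END CERTIFICATE-----\n"
    fp = cert_fingerprint(sample)
    print(fp, "-", len(bytes.fromhex(normalize(fp))), "bytes")
```
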

4.2 Useful Chrome Plugin for Debugging SAML Tokens

If you are using Chrome, you may want to install a useful SAML plugin: https://chrome.google.com/webstore/detail/saml-chromepanel/paijfdbeoenhembfhkhllainmocckace?hl=en

Once installed, simply open the developer tools in the browser (F12) and click on the SAML tab. Now, when doing an SP-initiated login, the SAML tokens sent by the browser will be shown in detail. This tool can be very useful in debugging SAML requests and responses.
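Added example (not part of the original YuJa document): an offline reader for a base64 SAMLResponse copied from the plugin, reporting the NameID format, whether the signature sits on the Response or the Assertion (the AssertionOnly setting from section 2.1), and the attribute names needed for the fields in section 2.2. The sample response is constructed; the role attribute name example:role and all values are hypothetical.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample response (not captured from a real IdP). The role
# attribute name "example:role" and all values are hypothetical.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <saml:Assertion>
  <ds:Signature/>
  <saml:Subject>
   <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jdoe@example.edu</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
   <saml:Attribute Name="urn:oid:2.5.4.42"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="urn:mace:dir:attribute-def:mail"><saml:AttributeValue>jdoe@example.edu</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="example:role">
    <saml:AttributeValue>Instructor</saml:AttributeValue>
    <saml:AttributeValue>TA</saml:AttributeValue>
   </saml:Attribute>
  </saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def inspect_saml_response(b64_response: str) -> dict:
    """Summarize a base64 SAMLResponse (HTTP-POST binding) for configuration.

    Inspection only: no signature is verified here.
    """
    xml_bytes = base64.b64decode("".join(b64_response.split()), validate=True)
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{NS['samlp']}}}Response":
        raise ValueError("not a SAML 2.0 Response")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        # The page states YuJa does not support encrypted responses.
        raise ValueError("no plaintext Assertion (encrypted or missing)")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    attrs = {}
    for attr in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
    return {"name_id_format": name_id.get("Format") if name_id is not None else None,
            "name_id": name_id.text if name_id is not None else None,
            "response_signed": root.find("ds:Signature", NS) is not None,
            "assertion_signed": assertion.find("ds:Signature", NS) is not None,
            "attributes": attrs}


if __name__ == "__main__":
    print(inspect_saml_response(SAMPLE_B64))
```

It only reads the token and verifies no signature, so it is suited to filling in configuration fields, not to deciding whether a login is valid.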