Introduction |
---|
Why? When using Single sign-on software (abbreviated to SSO), you as a user do not have to remember different passwords for different applications each time. You now only need to log in once to your workstation, after which you automatically get access to the Coachview training portal. You don't have to log in every time, and the login screen is no longer displayed. |
There are 2 methods for integrating SSO. |
Method 1 (preferred): via 'IdP-initiated Single Sign-on' from your own 'Identity Provider' (IdP). From there, a signed SAML request is sent to the IdP via HTTP POST. If you are logged in and authorized on your side (the IdP), the IdP sends back a signed SAML response containing a (possibly encrypted) assertion with at least the "Name ID" claim filled. Coachview checks the signature and whether the "Name ID" claim contains the unique (external) Id that is known for the person. You are then automatically logged into the training portal. |
Method 2: You log in via Single Sign-on from the login page of the training portal, i.e. you browse to https://<client name> opleidingsportaal.nl. This is also known as service provider-initiated Single Sign-on. Note: in most cases this login screen is no longer displayed; you are redirected and/or logged in immediately. |
What does it take? |
Important terms: |
What do we need from you? |
Two possibilities: |
Note: If your certificate expires and is replaced, the new certificate must be delivered to the Coachview helpdesk in time; it is not replaced automatically. |
One claim type "Name ID". This must be filled with the unique identifier (ExternId of the person) that Coachview uses to identify persons uniquely. |
The secure hash algorithm used to verify the signature: sha-1 or sha-256 (preferred). |
Can the person log into the training portal automatically? Yes or No. |
Should it still be possible to log in with username and password? Yes or No. |
Does your certificate need to be assessed for validity? If so, the certificate must be valid and trusted (not self-signed, but issued by a trusted certificate authority). |
Steps-by-step plan | Who? |
---|---|
Provide the required data (see "What do we need from the customer"). | You. |
Creation of the training portal. | Coachview. |
Activate the SAML2 authentication provider and configure the settings in Coachview. | Coachview. |
Set up the IdP once the training portal has been created. The metadata of the training portal (service provider) is displayed; this can be used to (automatically) configure your IdP, for example Microsoft Active Directory Federation Services (ADFS). | You. |
Set the claim type. It must be filled with the unique identifier (ExternalId of the person) that Coachview uses to identify persons uniquely. | You. |
Choose the secure hash algorithm for verifying the signature: sha-256 (recommended) or sha-1 (not recommended). | You. |
How are you going to give the person access to your training portal? There are 3 methods. Method 1: automatic actions in Coachview. Method 2: creation in the portal as a user the first time the person is authenticated via SSO in the training portal; the person must be created/changed in the training portal or in Coachview. In the case of an HRM link, the "Create user" parameter is NO by default. Method 3: manual creation from Coachview. | Coachview. |
Creation of 1 test person to check SSO. | You and Coachview. |
If the 'Companies and Persons' import is used, check the ExternalID values. Note: if there is an error in this import, it is difficult to correct afterwards. | Coachview. |
Import 'Companies and Persons'. Final check. | You and Coachview. |
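The following is an added example, not Coachview's code, illustrating two points from this page: the checks a service provider applies to an IdP-initiated SAML response before mapping the "Name ID" claim to a person's ExternalId (Method 1 and "What do we need from you?"), and the ExternalID check on the 'Companies and Persons' import from the step-by-step plan. It assumes that the XML signature itself has already been verified by an XML-DSIG library (that step is deliberately out of scope), that the assertion is not encrypted, and that the IdP issuer, audience URL, person names and ExternalId values are all constructed for the example. It treats the page's "not recommended" sha-1 as rejected; a deployment that must still accept it would add the rsa-sha1 URI to the allowed set.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Standard SAML 2.0 / XML-DSIG namespace URIs.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
ALLOWED_SIGNATURE_METHODS = {RSA_SHA256}   # sha-1 deliberately excluded


class SsoError(Exception):
    """Raised when the response must be rejected; the message says why."""


def build_directory(rows):
    """Turn imported 'Companies and Persons' rows into {ExternalId: name}.

    Every person needs a unique, non-empty ExternalId, because the IdP's
    NameID is matched against it exactly; problems are reported before the
    import is accepted, since the page notes they are hard to fix later.
    """
    directory, problems = {}, []
    for row in rows:
        ext_id = (row.get("ExternalId") or "").strip()
        if not ext_id:
            problems.append(f"{row['name']}: empty ExternalId")
        elif ext_id in directory:
            problems.append(f"{row['name']}: duplicate ExternalId {ext_id}")
        else:
            directory[ext_id] = row["name"]
    if problems:
        raise ValueError("; ".join(problems))
    return directory


def _parse_utc(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def check_response(xml_text, directory, expected_audience, now):
    """Policy checks on a signature-verified, unencrypted SAML Response.

    Returns the matched person's name, or raises SsoError.
    """
    root = ET.fromstring(xml_text)
    # 1. Signature algorithm policy: only sha-256 based signatures are accepted.
    method = root.find(".//ds:SignedInfo/ds:SignatureMethod", NS)
    if method is None:
        raise SsoError("response is not signed")
    if method.get("Algorithm") not in ALLOWED_SIGNATURE_METHODS:
        raise SsoError(f"signature algorithm not allowed: {method.get('Algorithm')}")
    # 2. An encrypted assertion has to be decrypted before these checks (not shown here).
    if root.find("saml:EncryptedAssertion", NS) is not None:
        raise SsoError("encrypted assertion: decrypt before policy checks")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise SsoError("no assertion in response")
    # 3. Validity window and audience restriction from <Conditions>.
    cond = assertion.find("saml:Conditions", NS)
    if cond is None:
        raise SsoError("assertion has no Conditions")
    if not (_parse_utc(cond.get("NotBefore")) <= now < _parse_utc(cond.get("NotOnOrAfter"))):
        raise SsoError("assertion outside its validity window")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        raise SsoError(f"assertion not intended for {expected_audience}")
    # 4. NameID must match exactly one known ExternalId (exact, case-sensitive).
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        raise SsoError("NameID claim missing or empty")
    ext_id = name_id.text.strip()
    if ext_id not in directory:
        raise SsoError(f"no person with ExternalId {ext_id!r}")
    return directory[ext_id]


def sample_response(name_id, algorithm=RSA_SHA256):
    """Constructed SAML Response; the Signature element is only a placeholder shape."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    xmlns:ds="{NS['ds']}" ID="_resp1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.test/adfs/services/trust</saml:Issuer>
  <ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="{algorithm}"/></ds:SignedInfo>
  <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
    <saml:Issuer>https://idp.example.test/adfs/services/trust</saml:Issuer>
    <saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://portal.example.test/</saml:Audience>
      </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


# Constructed import rows and clock values for the example.
PEOPLE = [{"name": "A. Jansen", "ExternalId": "EMP-1001"},
          {"name": "B. de Vries", "ExternalId": "EMP-1002"}]
AUDIENCE = "https://portal.example.test/"
NOW = datetime(2024, 1, 1, 0, 2, tzinfo=timezone.utc)
LATER = datetime(2024, 1, 1, 0, 10, tzinfo=timezone.utc)   # after NotOnOrAfter

if __name__ == "__main__":
    directory = build_directory(PEOPLE)
    print(check_response(sample_response("EMP-1001"), directory, AUDIENCE, NOW))
```

The lookup is exact and case-sensitive on purpose: an ExternalId that differs only by whitespace or case from what the IdP sends will not log in, which is why `build_directory` strips and rejects empty or duplicate values at import time rather than at the first failed login.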