Changes


Single Sign-On

1,209 bytes added, 20:33, 14 November 2023
User Creation Option (JIT Provisioning)
: '''Assertion Target URL''' - target site URL
: '''Assertion Private Key''' - private key to establish connection with the target site.
=====User Creation Option (JIT Provisioning)=====
When users need to be created on the fly after SSO authentication, the following configuration settings are available:
* '''Default Organization <span style="color: #ff0000;">*</span>''' – the parent organization assigned to new users
* '''Default New Organization Status''' – the status assigned to the parent organization for new organizations
 
'''<span style="color: #ff0000;">* <span style="color: #000000;">- mandatory fields when creating users through SSO.</span></span>'''

In addition, optional attributes can be added in the assertion to create the user, and these standard fields (First name, Last name, Email) will be populated. If the selected Unique Identifier Field (UID) is not the standard email address, the custom field selected will also be populated in the JIT provisioning.
[[File:SSO_UserCreation.png|thumb|none|500px|SSO User Creation Settings.]]
 
=====Optional Attributes=====
The following optional attributes can be used in the assertion. Please note that they are case sensitive and should be labelled exactly.
 
* '''SSOModule''' - used to specify the SmartSimple SSO connection when there are multiple connections configured, e.g. "SAML2" for prod, "SSOBK" for backup instance, "SSODEV" for dev instance, "SSOTest" for test instance. Note that both the attribute name and the attribute value are case sensitive.
* '''Email'''
* '''First name'''
* '''Last name'''
* '''Department''' - used to update the user's organization. This will attempt to match an organization by name and will move the user to that organization if found.
* '''Roles''' - used to update the user's roles in SmartSimple for new users. This should be a comma delimited list of SmartSimple user roles (by name) to be assigned to the user.
* '''Language''' - used to specify the initial language displayed to the user. This should be an integer value that corresponds with a language ID value in SmartSimple (e.g. 1=English).
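
Because the attribute names above are case sensitive, it helps to lint the Identity Provider's test output before enabling JIT provisioning. The following is an added example, not SmartSimple code: it assumes the attributes arrive in a SAML 2.0 <code>AttributeStatement</code>, and the sample statement and the <code>lint_attributes</code> helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Attribute names exactly as listed on this page (case sensitive).
ALLOWED = ["SSOModule", "Email", "First name", "Last name",
           "Department", "Roles", "Language"]

# Constructed sample AttributeStatement; every value here is made up.
SAMPLE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="SSOModule"><saml:AttributeValue>SAML2</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="email"><saml:AttributeValue>jdoe@example.org</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="First Name"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="Roles"><saml:AttributeValue>Staff, ,Reviewer</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="Language"><saml:AttributeValue>English</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>"""


def lint_attributes(statement_xml):
    """Return a list of problems found in the statement's attributes.

    Intended for your own IdP's test output; parse untrusted XML with a
    hardened parser such as defusedxml instead.
    """
    by_folded = {name.casefold(): name for name in ALLOWED}
    problems = []
    root = ET.fromstring(statement_xml)
    for attr in root.findall("saml:Attribute", SAML_NS):
        name = attr.get("Name", "")
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", SAML_NS)]
        value = values[0].strip() if values else ""
        if name not in ALLOWED:
            hint = by_folded.get(name.strip().casefold())
            if hint:
                problems.append(f"{name!r}: wrong case or spacing, expected {hint!r}")
            else:
                problems.append(f"{name!r}: not a documented attribute")
            continue
        if name == "Language" and not (value.isascii() and value.isdigit()):
            problems.append(f"Language: {value!r} is not an integer language ID")
        if name == "Roles" and any(not r.strip() for r in value.split(",")):
            problems.append("Roles: empty entry in comma delimited list")
    return problems


if __name__ == "__main__":
    for problem in lint_attributes(SAMPLE):
        print(problem)
```
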
=====Role Mapping=====
An additional setting is configured from the main login page ('''''Waffle''''' → '''''Global Settings''''' → '''''Branding''''' → '''''Login Pages'''''): under the Single Sign-On section, select the MES Group Identifier from the dropdown list and add a button label, e.g. ''Employee Login''.
 
====X.509 Certificate on the SP-Initiated SSO====
</pre></div>
==Adding URL Redirect in the Login Page==
From the [[Login Page]], the SSO URL redirect can be added to redirect internal users to the client's Identity Provider login page.

To configure:
# Go to Waffle → Global Settings → Branding → Login Pages.
# From the Login Pages list view, select the default login page to add the SSO URL redirect to.
# Go to the Single Sign-On section, select the MES Group Identifier and add the Link Label, e.g. Employee Login.
# Click Save.

Variables to use in a custom page layout:
* @ssodisplaylink@ - the variable to use to add the Link Label and hyperlink in the login template
* @ssotargetlink@ - the variable to use to retrieve the SSO login URL
==Troubleshooting==