Single Sign-On (SSO)

 

This section is complementary to the step 11 in Installing the Web Application and Distribution.

Single Sign-On allows users to connect only once for several services.

It is possible to associate SEI to an SSO server using SAML2 protocol. Many service providers offer SSO.

For example, the following procedure is given by Microsoft for Azure SSO (click here for more details).

1. Add an unlisted application Azure AD Single Sign-On .
2. Enter the following information:
   • Sign on URL: SEI login URL (e.g. https://yourserver:81) .
   • Identifier: this URI must match the SEI Issuer URI configuration made when installing the package (e.g. https://yourserver:81/webclient) .
   • Reply URL: SEI connection page (e.g. https://yourserver:81).
3. The next screen provides the following information:
   • A certificate to save in: C:\inetpub\wwwroot\WebClient\App_Data.
   • Issuer URL: copy and paste to the line ID Provider Issuer Name.
   • Single Sign-ON Service URL: copy and paste to the line ID Provider URL.
   • Single Sign-OUT: note that Single Sign Out is currently not available. Sign out of SEI has to be done in its own application.
     Note

     A field with the login for SEI must also be defined. This name has to match with the line for SAML2 answer’s attribute for user name. This is used for SSO with Active Directory.

     Example

     Here, the name is mailnickname:
     

     Note

     More details on this setting can be found here.

4. The last step is to authorize users to use the application. Then they will be able to connect to SEI at the same time than their other services.