storm provides a single sign-on service that allows users to sign on to their storm account automatically when they log in to a third-party product, without having to provide their storm username and password. Typical examples of single sign-on would be:
You must set up a separate identity provider for each third-party system, and then add details of each user who will use that system for single sign-on to storm. The identity provider performs the initial authentication when a user logs on, and passes the user's login details to storm's single sign-on service provider.
A window is displayed with the following fields:

| Field | Description |
|---|---|
| Name | Enter a value that will help you identify the third-party product for which this identity provider has been set up. |
| Allow use by suborganisations | Select this check box if you wish to share the identity provider with sub-organisations. |
| ACS binding | The SAML protocol binding for the assertion consumer service endpoint to which authenticated user login credentials are transmitted. This is configured by Content Guru. |
| Use NameID as SAML attribute name | The name of the attribute in the SAML response that the name provided in the user's credentials must match. |
| NameID format | Select the format in which the name must be provided to the service provider. If you do not want to enforce a single format, select 'Unspecified'. |
| Entity ID | The identity provider's URL. |
| SSO binding | The binding to use for single sign-on. This is configured by Content Guru. |
| Authentication Context | Select the authentication method to be used. If you do not want to enforce a single method, select 'Unspecified'. |
| SSO URL | The URL to be used for binding with the single sign-on service. |
| X.509 certificate | Upload the certificate to be used by the identity provider. |
| Allow identity provider initiated SSO | Select this check box to enable single sign-on for this identity provider and third-party product. |
Once you have set up an identity provider, it is included in the window displayed when you select the System Admin > Identity Providers menu option.
The metadata URL is the unique identifier for the identity provider, and is generated automatically by the system.
You can identify the users that will log in to this third-party product using single sign-on either individually, or via a bulk update using a CSV file.
Bulk updates can be made to the information held against an identity provider to:
The columns must be in the order shown, and the file must include the header row, with the column titles shown. It must not have more than 400 lines.
Note: the Clear All button removes all SAML mappings for the selected identity provider.
You may need to disable single sign-on for a third-party product in an emergency (for example, if the third-party product is unavailable) so that users can temporarily sign on to storm directly.
Once the emergency situation has ended, you can re-import the saved CSV file to reactivate single sign-on functionality.