Single Sign-On (SSO) Overview

Modified on Fri, 13 Sep at 12:16 PM

Single Sign-On (SSO) Overview


Ocelot can use a college's single sign-on (SSO) for several purposes. This document outlines the requirements and steps to implement SSO for Ocelot applications.



Admin SSO Configuration for College Staff Members (Virtual Assistant)


Admin SSO allows college staff members to connect to our applications using their campus credentials.


Getting Started

Before moving forward, please consider the following questions.

  1. Does the college have separate SSO tenants for different populations (applicants, students, staff, faculty, etc)

  2. Does the college have separate SSO tenants for production and non-production (test) applications?

  3. Is the SSO solution SAML2 compliant?


Setting up Admin SSO

Setting up SSO authentication with Ocelot involves the following steps, which must be completed twice (two metadata sets would be shared) if the college has separate SSO tenants for production and non-production (test) applications.


  1. The college provides Ocelot with SSO metadata, either with a URL or XML file.

  2. Ocelot will configure our applications and return our metadata.

  3. The college will configure its Identity Provider (IdP) using Ocelot metadata.

    1. When configuring the Identity Provider (IdP), Ocelot requires both the SAML Assertion and SAML Response to be signed.


Admin Portal SSO
The following claims need to be released and mapped as listed:

Attribute

Mapped Name

First/Chosen Name

firstName

Last Name

lastName

Email

email

Full Name

fullname

Username

username

Email

nameID


If any of these attributes are unavailable, we will work with the college to ensure we have all the required fields. Review the Single Sign-On (SSO) FAQ's article for frequently asked questions.



Student SSO Configuration


Student SSO allows the college’s students to authenticate with their campus credentials to receive Ocelot services, such as answers in SIS virtual assistant connectors, Live Conversation Authentication, and access to the GetCounseling/GetSAP portal.


Getting Started

Before moving forward, please consider the following questions.

  1. Does the college have separate SSO tenants for different populations (applicants, students, staff, faculty, etc) 

  2. Does the college have separate SSO tenants for production and non-production (test) applications?

  3. Is the SSO solution SAML2 compliant?


Setting up Student SSO 

Setting up SSO authentication with Ocelot involves the following steps, which must be completed twice (two metadata sets would be shared) if the college has separate SSO tenants for production and non-production (test) applications.


  1. The college provides Ocelot with SSO metadata, either with a URL or XML file.

  2. Ocelot will configure our applications and return our metadata.

  3. The college will configure its Identity Provider (IdP) using Ocelot metadata.

  4. When configuring the Identity Provider (IdP), Ocelot requires both the SAML Assertion and SAML Response to be signed.


Student SSO (Virtual Assistant and Live Assistant Authentication)
The following claims need to be released and mapped as listed:

Attribute

Mapped Name

First/Chosen Name

firstName

Last Name

lastName

Email

email

Full Name

fullname

Username

username

Student ID

nameID




Student SSO (GetCounseling/GetSAP) 

The following claims need to be released and mapped as listed:

Attribute

Mapped Name

First/Chosen Name

firstName

Last Name

lastName

Email

email

Full Name

fullname

Username

username

Email

nameID


If any of these attributes are unavailable, we will work with the college to ensure we have all the required fields. Review the Single Sign-On (SSO) FAQ's article for frequently asked questions.




Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article