Setting up an authentication provider is needed when configuring an SIS integration or live chat authentication. 


Complete the following steps to set up an authentication provider. 


1. The person setting up the authentication provider must have Chatbot - Administrative permissions. If you do not have access to the Integrations section, please contact your campus Permissions Manager to request access. 


2. On the navigation pane, under Integrations, select the Authentication Provider tab.



3. Select the Add new Authentication Provider icon in the lower right corner.

Add Auth Provider Button



4. Enter the following fields:

  • Provider Name - This can be anything you choose to name your authentication provider set up, such as SSO, Portal Guard, or Asure AD.
  • Domain - must be school domain + bot.id (example: ocelot.bot.id).  Note: On this domain name, use the domain that the school uses for their .edu webpages.
  • From the dropdown, select the Provider Type (Currently only one provider type is supported: SAML 2.0).



5. Next, you will need to provide your metadata. Select either to provide your metadata through a URL  or an XML file. 


If you select the SAML Metadata URL option, enter the URL to access your metadata. 

If you select the SAML Metadata XML option, select the Read SAML Metadata button and upload the SAML Metadata file.

SAML metadata file


The metadata XML contents will be visible in the dialog. 

#

6. Select the Save button. 

*Note no metadata will be sent to Ocelot until the Save button has been selected.


7. Submit a Support Ticket requesting help completing your authentication provider setup. A team member from our Integrations team will be in contact with you to finalize the final steps to set up your authentication provider and provide you with the Ocelot metadata to complete the authentication provider setup. 


8. Once you have received the Ocelot metadata, you will need to connect with your IT department to configure your institution's IdP Provider and complete the following field mapping:


As part of the SSO authentication, Ocelot requires the following claims to be released and mapped as listed:    


Attribute

Mapped Name

First/Chosen Name

firstName

Last Name

lastName

Email

email

Full Name

fullname

Username

username

Student ID

nameID


If any of these attributes are not available Ocelot will work with the college to ensure we have all required fields.


Authentication providers cannot be deleted if they are in use for any purpose. You can view authentication providers that are in use under Chatbot > Behavior Settings in the Global Behavior and/or Office settings.