Ocelot can use a college's single sign-on (SSO) for several purposes. This document outlines the requirements and steps to implement SSO for Ocelot applications.
Admin SSO Configuration for College Staff Members (Virtual Assistant)
Admin SSO allows college staff members to connect to our applications using their campus credentials.
Getting Started
Before moving forward, please consider the following questions.
Does the college have separate SSO tenants for different populations (applicants, students, staff, faculty, etc)
Does the college have separate SSO tenants for production and non-production (test) applications?
Is the SSO solution SAML2 compliant?
Setting up Admin SSO
Setting up SSO authentication with Ocelot involves the following steps, which must be completed twice (two metadata sets would be shared) if the college has separate SSO tenants for production and non-production (test) applications.
The college provides Ocelot with SSO metadata, either with a URL or XML file.
Ocelot will configure our applications and return our metadata.
The college will configure its Identity Provider (IdP) using Ocelot metadata.
When configuring the Identity Provider (IdP), Ocelot requires both the SAML Assertion and SAML Response to be signed.
Admin Portal SSO
The following claims need to be released and mapped as listed:
If any of these attributes are unavailable, we will work with the college to ensure we have all the required fields. Review the Single Sign-On (SSO) FAQ's article for frequently asked questions.
Student SSO Configuration
Student SSO allows the college’s students to authenticate with their campus credentials to receive Ocelot services, such as answers in SIS virtual assistant connectors, Live Conversation Authentication, and access to the GetCounseling/GetSAP portal.
Getting Started
Before moving forward, please consider the following questions.
Does the college have separate SSO tenants for different populations (applicants, students, staff, faculty, etc)
Does the college have separate SSO tenants for production and non-production (test) applications?
Is the SSO solution SAML2 compliant?
Setting up Student SSO
Setting up SSO authentication with Ocelot involves the following steps, which must be completed twice (two metadata sets would be shared) if the college has separate SSO tenants for production and non-production (test) applications.
The college provides Ocelot with SSO metadata, either with a URL or XML file.
Ocelot will configure our applications and return our metadata.
The college will configure its Identity Provider (IdP) using Ocelot metadata.
When configuring the Identity Provider (IdP), Ocelot requires both the SAML Assertion and SAML Response to be signed.
Student SSO (Virtual Assistant and Live Assistant Authentication)
The following claims need to be released and mapped as listed:
Student SSO (GetCounseling/GetSAP)
The following claims need to be released and mapped as listed:
If any of these attributes are unavailable, we will work with the college to ensure we have all the required fields. Review the Single Sign-On (SSO) FAQ's article for frequently asked questions.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article