Ocelot can use a college's single sign-on (SSO) for several purposes. This document outlines the requirements and steps to implement SSO for Ocelot applications.


SSO Overview

  • Admin SSO allows college staff members to connect to our client admin using their campus credentials.

  • Student SSO allows the college‚Äôs students to authenticate with their campus credentials to receive Ocelot services:

    • Answers in SIS integration chatbots

    • Live chat help

    • Access the GetCounseling/GetSAP portal


Questions

A few questions need to be considered before moving forward:

  1. Does the college have separate SSO tenants for different populations (applicants, students, staff, faculty, etc)

  2. Does the college have separate SSO tenants for production and non-production (test) applications?

  3. Is the SSO solution SAML2 compliant?


The response to these will frame the requirements to set up SSO.


Configuration

The process of setting up SSO authentication with Ocelot involves the following steps:

  1. The college provides Ocelot with its SSO metadata, either with a URL or XML file.

  2. Ocelot will configure our applications and return our metadata.

  3. The college will configure its Identity Provider (IdP) using Ocelot metadata.

  4. When configuring your Identity Provider (IdP), Ocelot requires both the SAML Assertion and SAML Response to be signed.


If a college has separate SSO tenants for production and non-production (test) applications, the above steps would be repeated twice (two metadata sets would be shared).


Mappings

  • Student chatbot integration & Live chat authentication

    As part of the SSO authentication, Ocelot requires the following claims to be released and mapped as listed:

Attribute

Mapped Name

First/Chosen Name

firstName

Last Name

lastName

Email

email

Full Name

fullname

Username

username

Student ID

nameID


  • Admin Portal SSO & GetCounseling/GetSAP

    As part of the SSO authentication, Ocelot requires the following claims to be released and mapped as listed:

    Attribute

    Mapped Name

    First/Chosen Name

    firstName

    Last Name

    lastName

    Email

    email

    Full Name

    fullname

    Username

    username

    Email

    nameID


If any of these attributes are unavailable, Ocelot will work with the college to ensure we have all the required fields.


Review the Single Sign-On (SSO) FAQ's article for frequently asked questions.