Support for Single Sign-On (SSO) with SAML 2.0 - Question

jgwatson
Contributor

You can now use the Casper Suite to integrate with a third-party Identity Provider and enable Single Sign-On access for the JSS, User-Initiated Enrollment or Self Service for OS X. When enabled, authentication is handled by the Identity Provider instead of the JSS. To access this feature in the JSS, navigate to Settings > System Settings > Single Sign-On.

Question: We are not using LDAP, FYI; I manually create accounts for students. Does this new feature mean I can send a link to my current students (Webclip), and this would enable them to sign in with their Google Apps accounts and that would link them to the iPad they used to sign in with in the JSS?

1 REPLY

beth_lindner
New Contributor

@jgwatson Any provider that supports SAML 2.0 can be set up in the JSS to be an Identity Provider. If we successfully integrate Google as our Single Sign-On, we can then use Google accounts to authenticate into all of the listed components. For example, these students could then use their SSO authentication account to log into the User-Initiated Enrollment URL, if setup is completed appropriately. The SSO solution does require that the JSS Users & Accounts have a matching user or user group in the IdP for mapping. So if user watson exists in Google, the JSS would also need to have a User Account watson, if we're matching based on username. If Google has a user group named Students, the JSS would also need to have a User Group named Students, if we're matching based on group name. This mapping is how Casper Suite authorization privileges are granted. If there are any issues or questions getting SSO set up, please feel free to contact our Support department.