Single Sign On SSO For the Functional User


Single Sign On (SSO) For the Functional User
ABBY DAWSON, UNIVERSITY SYSTEM OF GEORGIA
WEDNESDAY, OCTOBER 14 11:00 AM CENTRAL
SESSION 3.3

Introduction
A majority of Ellucian applications, including Banner and Degree Works, now require Single Sign On. A foundational understanding of SSO can be extremely helpful for the functional user when starting to troubleshoot application issues. This presentation will provide a high-level overview of Single Sign On authentication methods.
COHESION SUMMIT

• Provide support and training for 26 public institutions in the University System of Georgia
• Banner Degree Works experience from end user to SuperUSER

Agenda
1 What is Single Sign On?
2 How does SSO impact Ellucian Applications?
3 Signing Out
4 Troubleshooting

What is Single Sign On?
I THOUGHT I ALREADY KNEW HOW TO LOG ON

What is Single Sign On?
Single Sign On (SSO) is a Session and User authentication service.
• Permits a user to use one set of login credentials to access multiple applications
• SSO service authenticates the end user for all the applications the user has been given rights to
• Eliminates further prompts when the user switches applications during the same session

Terms to Know
Service Provider:
• Degree Works, Banner, etc
Identity Provider:
• Ethos Identity, Active Directory Federation Services (ADFS), Gluu, Shibboleth
SSO Protocol:
• Central Authentication Service (CAS), Security Assertion Markup Language (SAML)
Backend Directory:
• Active Directory (AD), Lightweight Directory Access Protocol (LDAP)

Single Sign On Example Using CAS
Diagram components: Browser, SSO Enabled Web Application, CAS Server, LDAP
1. User accesses an SSO enabled web application through a browser
2. Application passes request for authentication to CAS
3. Backend Directory validates credentials and creates a passport
4. Passport grants user access to application

How does SSO impact Ellucian applications?
ALTOGETHER NOW

SSO and Ellucian Applications
• Single Sign On now required
• One set of credentials passed between applications
• Sign in once and then navigate between applications
• All users must be mapped in order to access applications
• Work with your SSO Manager if you have questions about how to accomplish this.

Sign Out
MAKING SURE YOU REALLY DID LOG OFF

Sign Out
• Exiting an application may not log you out of Single Sign On
• Your passport may still be active
• Terminate your Single Sign On session to fully log out of all applications

Sign Out - Is it an Issue?
How can I test this?
• Sign in to an application with your SSO credentials.
• Terminate the application session.
• Sign in with test credentials (for a testing user)
• Whose information do you see? What permissions do you have?

Security Basics
For shared machines, consider the following configurations:
• Educate users to click “Sign out” after using public computers and not just close the tab or browser.
• Configure shared machines to clear cookies on exit. This will ensure even if a user does not click logout, their session will be terminated when the browser is closed.
• Set application time outs as short as is reasonable/tolerable.
• Where possible, configure applications to log users out of their SSO session when they log out of the application. Remember that this will terminate any application sessions using SSO, however.
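
Added example, not part of the original slides: a toy Python model of the sign-out test above, showing why exiting the application alone leaves the passport active and how clearing cookies or ending the SSO session changes the result. The class names, user names and passwords are constructed for illustration and are not Ellucian or CAS code.

```python
import secrets

class SSOServer:
    def __init__(self, directory):
        self.directory = directory      # stands in for LDAP/AD: username -> password
        self.passports = {}             # passport id -> username

    def login(self, browser, username, password):
        if self.directory.get(username) != password:
            return None
        pid = secrets.token_hex(8)
        self.passports[pid] = username
        browser["sso_cookie"] = pid     # the passport lives in the browser's cookies
        return username

    def who(self, browser):
        return self.passports.get(browser.get("sso_cookie"))

    def logout(self, browser):
        self.passports.pop(browser.pop("sso_cookie", None), None)

class Application:
    def __init__(self, sso):
        self.sso = sso

    def open(self, browser, username, password):
        """Return the user whose information the application displays."""
        user = self.sso.who(browser)    # an active passport skips the login prompt
        if user is None:
            user = self.sso.login(browser, username, password)
        browser["app_session"] = user
        return user

    def exit(self, browser, end_sso_session=False):
        browser.pop("app_session", None)    # ends the application session only
        if end_sso_session:
            self.sso.logout(browser)        # also terminates the passport

def shared_machine_test(end_sso_session, clear_cookies=False):
    """Run the slide's test; return whose information the testing user sees."""
    sso = SSOServer({"staff_user": "pw1", "test_user": "pw2"})  # constructed accounts
    app, browser = Application(sso), {}
    app.open(browser, "staff_user", "pw1")
    app.exit(browser, end_sso_session)
    if clear_cookies:
        browser.clear()                 # browser configured to clear cookies on exit
    return app.open(browser, "test_user", "pw2")
```

`shared_machine_test(False)` returns `"staff_user"`: the testing user never gets a login prompt and sees the previous user's information. Either mitigation makes it return `"test_user"`.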

Troubleshooting
SOMETIMES IT’S TRICKY

Troubleshooting
Issues Commonly Encountered
• 500 Error
• Invalid Credentials / Access Denied
• Blank Page

500 Errors
◦ Indicates an authentication issue, not necessarily an application issue
◦ May see different messaging
◦ Work with application manager and Single Sign On manager to resolve

Access Denied
• Indicates an issue with your Single Sign On credentials
• Or the application is redirecting to incorrect authentication link
• Work with application manager and Single Sign On manager to resolve

Blank Page
• Authenticates but then see a blank screen
• Issue with redirect – response is not received by the application in the expected format
• Work with application manager and Single Sign On manager to resolve

Common Root Causes
• Active Directory has inaccurate data
• Application does not receive a response in the expected format
◦ Example: BannerAdmin expects a JSON response and returns “Service Invocation Failed” when another type of response is sent

Summary
• Single Sign On (SSO) is an authentication service that uses one set of login credentials to access multiple applications.
• Closing an application does not necessarily terminate your SSO session. You will need to ensure you have signed out of SSO as well.
• Authentication errors for applications using SSO credentials will require troubleshooting assistance from both the application manager and the SSO manager.

Questions?

Thank You!
Abby Dawson
abby.dawson@usg.edu
SESSION ID # 3.3