- 18 Apr 2024
- 6 Minutes to read
- Print
- DarkLight
1. Configure Infinite BrassRing Platform Service Provider (SP) Inbound SSO
- Updated on 18 Apr 2024
- 6 Minutes to read
- Print
- DarkLight
Abstract
This page describes configuring the Infinite BrassRing Platform Service Provider inbound SSO.
Configure Infinite BrassRing Platform (SP) inbound SSO
Configuring Inbound SSO involves telling the Infinite BrassRing Platform about required details of your organization's Identity Provider (IdP) system and the exchange of XML metadata and security certificates. There are two steps to this process:
Your organization has SAML metadata files, and certificates that must be added to Infinite BrassRing Platform.
You must add the Infinite Infinite BrassRing Platform metadata files to your SSO Identity Provider.
A user must be selected to configure the Infinite BrassRing Platform SSO with ADMIN role. For more information on assigning users with ADMIN role, see Manage Users.
If any edits are made to the Edit Inbound SSO configuration page are made, the Login URL must be regenerated on the Identity source page.
Relevant eLearning
Configure Single Sign-On (Interactive Tutorial)
Setting up Single Sign-On
It is recommended to contact your IT department to obtain the following information. After you have these details, the Infinite BrassRing Platform SSO can be configured.
your organization's SAML metadata files.
If needed, the SSO certificates. your organization's security and Encryption certificates might be included in the metadata files.
The Identity Provider’s Entity Identifier.
The Identity Provider’s Single-Sign on Service Location URL.
The Identity Provider’s Single Logout Service Location URL.
To configure the Infinite BrassRing Platform Service Provider inbound SSO, log in to Infinite BrassRing Platform as the SSO Administrator and select the Application Launcher → Admin.
Select Menu → SSO → Inbound.
The Edit Inbound SSO configuration page opens. Drop your organization’s SAML metadata file into the section provided, or select Or select file manually, select the file from your computer, and select Upload. If your organization does not have a metadata file, these settings can be manually entered into the Basic Settings section.
A notification opens to select HTTP Request Binding. Select either HTTP POST or HTTP REDIRECT for Request Binding. This setting applies to both single sign-on and logout service location. Infinite BrassRing Platform supports both HTTP Redirect and HTTP Post. The option to select depends on your organization's IdP system’s capabilities and how it is configured by administrators.
The Basic Settings section populates with the details from the metadata file. Verify these details against the details collected from your IT department, and if needed, edit the values.
Entity Identifier is the identifier of your organization's IdP system.
Single Sign-on Service Location is the URL of your organization's IdP system.
Single Logout Service Location is the URL of the SSO logout end point that is provided by your organization's IdP system.
If your organization's Signing certificate is not included in the SAML metadata file, the certificate must be uploaded manually. Drop the signing certificate file into the section provided, or select Or select file manually, select the file from your computer, and select Upload.
If your organization's Encryption certificate is not included in the SAML metadata file, the certificate can be uploaded manually. The use of an Encryption certificate is optional and used for encrypting the SAML Assertion. It can be obtained from your organization’s IdP system admins. Drop the Encryption certificate file into the section provided, or select Or select file manually, select the file from your computer, and select Upload.
Complete the Advanced Settings section.
Select Identity Provider expects Authentication Requests to be Signed if your organization's identity provider system requires the authentication request from Infinite BrassRing Platform to be signed.
Select Consider all users eligible for SSO.
Users can be set up as SSO enabled during user creation or a user import. If users were set up before SSO was enabled, these users are not SSO enabled. Selecting this option enables all users to log in by using SSO regardless of the enable SSO attribute on their user profile.
If this option is not selected, and a user does not have the SSO attribute, the user cannot log into and be authenticated by Infinite BrassRing Platform with SSO.
Select UID in Lower Case if the User Identifier (UID) is sent by the identity provider in uppercase, but the user’s username is in lowercase in Infinite BrassRing Platform. If this option is not selected, the user’s, username in the Identity Provider or Infinite BrassRing Platforme must be edited to match the case used. For example, select this option if a user’s identity is BSMITH in the identity provider, and bsmith in Infinite BrassRing Platform, or update the user’s identity to bsmith in the identity provider.
Contact your organization's Infinite Representative before configuring a Custom UID Attribute to confirm the settings are correct before configuration. Select Use Custom UID Attribute to include a custom attribute.
Insert the UID Attribute into the section provided. A custom UID property might be specified if the username is not being passed in the NameID field of the incoming SAML request. The Custom UID property can be used to specify the property name that is being used.
Select Submit.
Configure the Identity source
Configuring the Identity Source requires the configuration of the Login URL. Optional configurations include configuring a Remember login page option, an authentication option, and configuring a custom Logout landing URL.
Process
To configure the identity source, log in to Infinite BrassRing Platform as Administrator and select the Application Launcher → Admin.
Select Menu → SSO → Identity source.
The Configure Identity Source page opens.
Select Enable single sign-on (SSO).
Select Generate Login URL. Do not enter the URL manually.
A notification window opens. Select the name identifier format from the options provided. The default options that are selected are set with the SAML metadata.
Select OK.
The Login URL generates based on the information entered in the Inbound SSO page. If any settings on the Inbound SSO page are updated, the URL should be regenerated.
If needed, select Remember login page to automatically direct users to the same login page as they used before. For example, users can be directed to either the Infinite Infinite BrassRing Platform login page, or the Identity Providers login page when they log out of Infinite BrassRing Platform.
If this field is not selected, users are always directed to the Infinite Infinite BrassRing Platform login page at their next login, after they log out of the Infinite Infinite BrassRing Platform or close the browser window.
Enabling Remember login page is not recommended when users log in to Infinite Infinite BrassRing Platform from publicly accessible or shared devices.
If needed, insert a Limit to the number of days to remember the login page.
A value of 0 means that after each login, the login page last used is not remembered by the browser.
A value of 1 or greater defines the number of days the login page is remembered by the browser.
In the Authentication section, if needed, select Authentication by identity provider only if the only authentication is completed by the identity provider. If Authentication by identify provider only is not enabled, users authenticate with Infinite BrassRing Platform, or a combination of both the identity provider and Infinite BrassRing Platform.
It is recommended that this option is not selected before completing the testing of the IdP settings. This option bypasses the Infinite BrassRing Platform login page and if selected, might create difficulties logging back into Infinite BrassRing Platform to configure Single Sign-On.
After the testing is completed and the SSO is working return to this page to enable this function if needed.
In the Logout section, insert a URL in the Custom logout landing page field to open when the user logs out of Infinite BrassRing Platform. If no custom logout landing page is configured, the Infinite BrassRing Platform logout page opens.
Select Submit.