Overview of Single Sign On (SSO) Methods

SSO Integration

Single Sign-On (SSO) is a method of access control of multiple related, but independent software systems. With this method a user logs in once and gains access to all systems without being prompted to log in again at each of them.

It is important to note that while SSO once implemented is incredibly easy for end users, it is very complicated for technical staff to implement and requires high levels of resources and knowledge.

CompliSpace Fundamentals supports two methods of SSO suitable to different needs and in-house skill sets available for implementation.

SSO Using SAML 2.0

CompliSpace supports the SAML 2.0 protocol.

CompliSpace Technology supports this single sign-on experience as the integration of a SAML 2.0 compliant Identity Provider (IdP) you have already installed and made operational. CompliSpace Technology will do it's best to provide support with the SAML protocol, however your Identity Provider (IdP) is a third-party product and therefore CompliSpace Technology does not provide detailed support for the deployment, configuration, troubleshooting, best practices, etc. Issues and questions regarding your Identity Provider (IdP) should be directed to your vendor.

CompliSpace Technology recommends that you engage Student Net for your identity requirements.

If you do not already have extensive experience with implementing and configuring SAML 2.0 Identity Providers, CompliSpace Technology highly recommends against doing this your self.

For those using Microsoft products, ADFS provides some level of SAML support.

It has been our experience that many Microsoft Certified Partners have no more than an 'able to install the software' level of knowledge when it comes to SAML integration and struggle when it comes to actual implementation.

Integrating with CompliSpace Fundamentals using SAML 2.0 allows your directory to tell CompliSpace details about the user such as name and email address. It also has the advantage that access permissions in Fundamentals are controlled by your directory, allowing a single 'source of truth' without having to manage permissions separately inside Fundamentals.

More Information on SAML 2.0 Integration

StudentNet
SSO For CompliSpace Fundamentals
Microsoft Learning - Implementing Active Directory Federation Services 2.0
ADFS Claim Rules. These work with our ADFS testing server. Your mileage may vary.

SSO Using Referred Sign In

CompliSpace Fundamentals supports a mechanism where a URL to Fundamentals can be signed by a trusted source. The signature includes the user that is to be signed in along with an expiration that can be no more than 6 hours.

If you are familiar with how AWS signs access to S3 objects you will feel at home!

This method is good when you don't want to invest in the infrastructure of identity management, but already have a small portal or web page (often an intranet) where your users have already authenticated.

Referred sign in allows your portal page to create a unique link for each user such that when they follow it to Fundamentals they will be logged in automatically.

You must have server side web programming skills and access to your portal's server side scripting to implement Referred Sign In.

You should be familiar with concepts such as HMAC, SHA and BASE64 encoding.

More Information on Referred Sign In

Feature Matrix

Method	Skills	Implementation Skill	Single Source for Users and Permissions	3rd Party Integration	Prerequisites
SAML 2.0	Able to install and configure a SAML 2.0 IdP	Experienced SAML Administrator	Yes	Yes	Working SAML 2.0 IdP Systems Administrator with SAML knowledge
Referred Sign In	Able to program server side web scripts	Developer with medium crypto skills	No	No	Existing portal that can validate users Access to your portal's back end code Developer with basic crypto knowledge