Requesting UCTrust SSO (SAML) Integration
If you have an application that needs SAML/SSO integration with other UC campuses, contact your campus/site's UCTrust contact. They will help you document your request and direct it to the other campuses for implementation. For services deployed and managed by a third party, a campus representative is still required to act as the "application contact" for the requests.
Requirements:
The following is required before campuses will take action to enable SSO for a given application/Service:
- Application's entityID must be registered with InCommon.
- Application owner understands they are responsible for providing all user support (helpdesk, etc.) needed for their application.
- Application owner must have a business relationship or sponsor in UC (i.e., campus/lab).
- Application must meet all relevant UC security requirements. (See IS-3, etc.)
Procedure:
- Application owner and their UCTrust contact coordinate to fill out the Template for UCTrust SP integration v1.2.1.docx
- This is a Word doc you should download, rename and fill out with the details of your request.
- Significant discovery may be required with your campus UCTrust contact before this form can be successfully completed.
- The UCTrust contact adds the new Service Provider to the table on the SP Integration with UCTrust page
- Attach the Word doc created in 1.a. to this page.
- Create a new row in the table below. Link the Service Provider name (in column 1) to that Word Doc.
- For any locations that DO NOT need to complete this request, indicate this by putting "N/A" in their location's column.
- Note: This table can be shared with the Application owner, so they can monitor the status of their request
- The UCTrust contact notifies locations of the new request
- Send brief summary of your request to the UCTrust mailing list (UCIDMGMT-L@listserv.ucop.edu).
- Call out any key information, especially the desired due date
- Optionally, also share this summary information in the #uctrust channel on the uctech slack.
- Send brief summary of your request to the UCTrust mailing list (UCIDMGMT-L@listserv.ucop.edu).
- Location IAM teams, upon receiving this request should
- Reach out to the requesting UCTrust contact with any questions about the request
- Schedule the implementation of the SSO integration.
- Especially if the implementation won't be done quickly note the planned implementation date in their location's column for that row.
- When the SSO configuration is completed, put an "E" (or other appropriate indicator) in their location's column for that row.