UCTrust Workgroup
Child pages
  • Procedure for On-Boarding New SPs

Requesting UCTrust SSO (SAML) Integration

If you have an application that needs SAML/SSO integration with other UC campuses, contact your campus/site's UCTrust contact. They will help you document your request and direct it to the other campuses for implementation. For services deployed and managed by a third party, a campus representative is still required to act as the "application contact" for the requests.

Requirements:

The following is required before campuses will take action to enable SSO for a given application/Service:

  • Application's entityID must be registered with InCommon.
  • Application owner understands they are responsible for providing all user support (helpdesk, etc.) needed for their application.
  • Application owner must have a business relationship or sponsor in UC (i.e., campus/lab).
  • Application must meet all relevant UC security requirements. (See IS-3, etc.)

Procedure:

  1. Application owner and their UCTrust contact coordinate to fill out the Template for UCTrust SP integration v1.2.1.docx
    1. This is a Word doc you should download, rename and fill out with the details of your request.
    2. Significant discovery may be required with your campus UCTrust contact before this form can be successfully completed.

  2. The UCTrust contact adds the new Service Provider to the table on the SP Integration with UCTrust page
    1. Attach the Word doc created in 1.a. to this page.
    2. Create a new row in the table below. Link the Service Provider name (in column 1) to that Word Doc.
    3. For any locations that DO NOT need to complete this request, indicate this by putting "N/A" in their location's column.
    4. Note: This table can be shared with the Application owner, so they can monitor the status of their request
  3. The UCTrust contact notifies locations of the new request
    1. Send brief summary of your request to the UCTrust mailing list (UCIDMGMT-L@listserv.ucop.edu).
      1. Call out any key information, especially the desired due date
    2. Optionally, also share this summary information in the #uctrust channel on the uctech slack.

  4. Location IAM teams, upon receiving this request should
    1. Reach out to the requesting UCTrust contact with any questions about the request
    2. Schedule the implementation of the SSO integration.
    3. Especially if the implementation won't be done quickly note the planned implementation date in their location's column for that row.
    4. When the SSO configuration is completed, put an "E" (or other appropriate indicator) in their location's column for that row.


  • No labels