Comment: Updated to match current process

Requesting UCTrust SSO (SAML) Integration

If you have an application that needs SAML/SSO integration with other UC campuses, contact your campus/site's UCTrust contact. They will help you document your request and direct it to the other campuses for implementation. For services deployed and managed by a third party, a campus representative is still required to act as the "application contact" for the requests.

Requirements:

The following are required before campuses will take action to enable SSO for a given application/service:

  • Application's entityID must be registered with InCommon.
  • Application owner understands they are responsible for providing all user support (helpdesk, etc.) needed for their application.
  • Application owner must have a business relationship or sponsor in UC (i.e., campus/lab).
  • Application must meet all relevant UC security requirements. (See IS-3, etc.)

Procedure:

  1. Application owner and their UCTrust contact coordinate to fill out the Template for UCTrust SP integration v1.2.1.docx
    1. This is a Word doc you should download, rename and fill out with the details of your request.
    2. Significant discovery may be required with your campus UCTrust contact before this form can be successfully completed.

  2. The UCTrust contact adds the new Service Provider to the table on the SP Integration with UCTrust page
    1. Attach the Word doc created in 1.a. to this page.
    2. Create a new row in the table below. Link the Service Provider name (in column 1) to that Word Doc.
    3. For any locations that DO NOT need to complete this request, indicate this by putting "N/A" in their location's column.
    4. Note: This table can be shared with the Application owner, so they can monitor the status of their request.
  3. The UCTrust contact notifies locations of the new request
    1. Send a brief summary of your request to the UCTrust mailing list (UCIDMGMT-L@listserve.ucop.edu).
      1. Call out any key information, especially the desired due date.
    2. Optionally, also share this summary information in the #uctrust channel on the uctech Slack.

  4. Location IAM teams, upon receiving this request, should:
    1. Reach out to the requesting UCTrust contact with any questions about the request.
    2. Schedule the implementation of the SSO integration.
    3. Especially if the implementation won't be done quickly, note the planned implementation date in their location's column for that row.
    4. When the SSO configuration is completed, put an "E" (or other appropriate indicator) in their location's column for that row.
  5. The SP or functional owner contacts a UCTrust Lead and requests sponsorship for UCTrust Integration.
  6. The UCTrust Lead instructs the SP to fill out the standard (Google Form) questionnaire, indicating that they are seeking attribute release (basic, not "UCTrust Endorsed" status).
    When the questionnaire is submitted, a PDF of the questionnaire is automatically generated and attached to an email to the UCTrust Sponsor (UCTrust member primary contact) identified in the questionnaire.
    The UCTrust Sponsor performs the following tasks:
  7. Reviews the request, interacting with the submitter for more information as needed.
  8. Adds the Service Provider to the Service Provider Integration Status table on the public page.
  9. Adds the Service Provider to the private table of Service Providers and attaches the submitted questionnaire to the page.
  10. Provides the submitted SP questionnaire (via email list UCTLEADS-L@UCOP.EDU) to the other UCTrust member primary contacts.
    Each UCTrust member primary contact secures approval per their internal procedures. Any questions or additional information needed will be coordinated with the submitting UCTrust member. UCTrust member primary contacts update status on the Wiki page in the appropriate cell on the table, including an estimated completion date.