https://wiki.studentnet.net/api.php?action=feedcontributions&user=Jls&feedformat=atom
Studentnet Wiki - User contributions [en]
2024-03-29T13:12:45Z
User contributions
MediaWiki 1.34.1
https://wiki.studentnet.net/index.php?title=Upload_Groups_Sync_Profile&diff=2005
Upload Groups Sync Profile
2022-09-06T01:44:35Z
<p>Jls: Created page with "Category: Sync Profiles == Running A sync == This sync profile type provides an API endpoint where users can upload a file. Please create a ticket for more information on..."</p>
<hr />
<div>[[Category: Sync Profiles]]<br />
<br />
== Running A sync ==<br />
<br />
This sync profile type provides an API endpoint where users can upload a file. Please create a ticket for more information on interacting with and authenticating to this API.<br />
<br />
== The CSV File ==<br />
<br />
The CSV file must consist of at least 2 columns: the Group Email Address and a Member Identifier. The CSV should have a header row whose column names match the values supplied in the Attribute Mapping section of the Sync Profile settings. Each of the fields described below can be included in your CSV file. Any columns in the CSV file that aren't mapped to one of these fields will become custom attributes on that group.<br />
<br />
=== Group Email Address ===<br />
<br />
This field is mapped via the Group Address Mapping field.<br />
<br />
This field should contain a valid email address. This field acts as the primary identifier for a group within Cloudwork.<br />
<br />
=== Member Identifier ===<br />
<br />
This field is mapped via the Member Mapping field.<br />
<br />
This field must contain an identifier for the user to be added to the group. The format of the identifier must match the selected Member Identifier in the Sync Profile settings.<br />
<br />
=== Group Name ===<br />
<br />
This field is mapped via the Group Name Mapping field.<br />
<br />
This column is used to set or update the Friendly Name for a group. This is the value that is provided to third party services via SAML or OpenID Connect claims.<br />
<br />
=== Group Type ===<br />
<br />
This field is mapped via the Group Type Mapping field.<br />
<br />
The types that apply to this group. Multiple group types can be listed by separating them with <code>;</code>:<br />
* Class - groups with this type are intended to sync to Google Classrooms, Canvas, etc.<br />
* Distribution Group - Groups intended for use as mailing lists. Usually used in combination with Synced to Azure or Synced to Google.<br />
* Security Group - Groups that indicate or control user access controls, either in Cloudwork or in other SAML services.<br />
* Synced to Azure - Groups with this type will be synced to Azure<br />
* Synced to Google - Groups with this type will be synced to Google Groups<br />
<br />
=== Classroom State Mapping ===<br />
<br />
This field is mapped via the Classroom State Mapping field.<br />
<br />
Google Classroom state for this course. The options available are:<br />
* (blank): Don't sync this group to Google Classroom<br />
* PROVISIONED: This group will be visible to its primary teacher, but not to students.<br />
* ACTIVE: Active classrooms are visible by all students and teachers that are assigned to the class.<br />
* ARCHIVED: Archived classrooms are visible to the primary teacher, but are no longer able to be updated by teachers or students.<br />
<br />
An active Google Classroom class should typically be set to "ACTIVE" though "PROVISIONED" is also acceptable if that behaviour is preferred.<br />
<br />
=== Primary Teacher ===<br />
<br />
This field is mapped via the Primary Teacher Mapping field.<br />
<br />
This field is required if a group needs to sync to Google Classroom.<br />
<br />
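A pre-upload check for the CSV rules described in this section, as an added example that is not part of the original page or of Cloudwork. The header names in <code>COLS</code> and the loose email pattern are assumptions; use the names from your own Attribute Mapping settings. It also lists unmapped columns (which become custom attributes) and the members being placed in Security Group rows, so both can be reviewed before the file is sent.<br />

```python
import csv
import io
import re

# Hypothetical header names; use the values from the Attribute Mapping
# section of your Sync Profile settings.
COLS = {
    "address": "group_email",
    "member": "member_id",
    "name": "group_name",
    "types": "group_type",
    "state": "classroom_state",
    "teacher": "primary_teacher",
}
GROUP_TYPES = {"Class", "Distribution Group", "Security Group",
               "Synced to Azure", "Synced to Google"}
CLASSROOM_STATES = {"", "PROVISIONED", "ACTIVE", "ARCHIVED"}
# Loose shape check only (assumption: the page does not define "valid").
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

# Constructed sample data; the last two rows contain deliberate mistakes.
SAMPLE_CSV = "\n".join([
    "group_email,member_id,group_type,classroom_state,primary_teacher,campus",
    "year9-maths@example.edu,s1001,Class;Synced to Google,ACTIVE,tsmith,North",
    "staff-all@example.edu,tsmith,Distribution Group;Synced to Azure,,,North",
    "it-admins@example.edu,jlee,Security Group,,,North",
    "year9-art@example.edu,s1002,Class,ACTIVE,,North",
    "not-an-address,s1003,Classroom,active,tsmith,North",
])


def _cell(row, key):
    """Value of a mapped column, or '' when the column or cell is absent."""
    return (row.get(COLS[key]) or "").strip()


def _types(row):
    """Group types in a row, split on ';' as the page describes."""
    return [t.strip() for t in _cell(row, "types").split(";") if t.strip()]


def validate(csv_text):
    """Return (problems, custom_columns, security_members) for a groups CSV."""
    reader = csv.DictReader(io.StringIO(csv_text))
    header = reader.fieldnames or []
    problems = [(1, f"missing required column {COLS[k]!r}")
                for k in ("address", "member") if COLS[k] not in header]
    # Unmapped columns become custom attributes on the group.
    custom = [h for h in header if h not in COLS.values()]
    security = {}
    if problems:
        return problems, custom, security
    for row in reader:
        line = reader.line_num
        addr, state = _cell(row, "address"), _cell(row, "state")
        if not EMAIL_RE.match(addr):
            problems.append((line, f"group address {addr!r} is not an email address"))
        if not _cell(row, "member"):
            problems.append((line, "member identifier is empty"))
        for t in _types(row):
            if t not in GROUP_TYPES:
                problems.append((line, f"unknown group type {t!r}"))
        if state not in CLASSROOM_STATES:
            problems.append((line, f"unknown classroom state {state!r}"))
        elif state and not _cell(row, "teacher"):
            problems.append((line, "syncs to Google Classroom but has no primary teacher"))
        if "Security Group" in _types(row):
            security.setdefault(addr, []).append(_cell(row, "member"))
    return problems, custom, security


if __name__ == "__main__":
    found, custom_cols, sec = validate(SAMPLE_CSV)
    for line_no, text in found:
        print(f"line {line_no}: {text}")
    print("custom attribute columns:", custom_cols)
    print("security group members to review:", sec)
```
<br />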
This field's value must be the user name, primary email address, or SIS ID of the user who will be this group's primary teacher.</div>
Jls
https://wiki.studentnet.net/index.php?title=Welcome_Message_Templates&diff=1897
Welcome Message Templates
2022-06-02T01:27:42Z
<p>Jls: </p>
<hr />
<div>Here are some pre-made HTML templates for any message template.<br />
<br />
==Basic Templates==<br />
<div class="toccolours mw-collapsible mw-collapsed" style="width:800px; overflow:auto;"><br />
<div style="font-weight:bold;line-height:1.6;">Basic Template 1</div><br />
<div class="mw-collapsible-content"><br />
Here is where the template goes<br />
</div></div><br />
<br />
<br />
==Advanced Templates==<br />
<div class="toccolours mw-collapsible mw-collapsed" style="width:800px; overflow:auto;"><br />
<div style="font-weight:bold;line-height:1.6;">Advanced Template 1</div><br />
<div class="mw-collapsible-content"><br />
<nowiki><!doctype html><br />
<html><br />
<head><br />
<meta name="viewport" content="width=device-width"><br />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><br />
<title>{% block head_title %}Alert{% endblock %}</title><br />
<style><br />
/* -------------------------------------<br />
INLINED WITH htmlemail.io/inline<br />
------------------------------------- */<br />
/* -------------------------------------<br />
RESPONSIVE AND MOBILE FRIENDLY STYLES<br />
------------------------------------- */<br />
@media only screen and (max-width: 620px) {<br />
table[class=body] h1 {<br />
font-size: 28px !important;<br />
margin-bottom: 10px !important;<br />
}<br />
table[class=body] p,<br />
table[class=body] ul,<br />
table[class=body] ol,<br />
table[class=body] td,<br />
table[class=body] span,<br />
table[class=body] a {<br />
font-size: 16px !important;<br />
}<br />
table[class=body] .wrapper,<br />
table[class=body] .article {<br />
padding: 10px !important;<br />
}<br />
table[class=body] .content {<br />
padding: 0 !important;<br />
}<br />
table[class=body] .container {<br />
padding: 0 !important;<br />
width: 100% !important;<br />
}<br />
table[class=body] .main {<br />
border-left-width: 0 !important;<br />
border-radius: 0 !important;<br />
border-right-width: 0 !important;<br />
}<br />
table[class=body] .btn table {<br />
width: 100% !important;<br />
}<br />
table[class=body] .btn a {<br />
width: 100% !important;<br />
}<br />
table[class=body] .img-responsive {<br />
height: auto !important;<br />
max-width: 100% !important;<br />
width: auto !important;<br />
}<br />
}<br />
<br />
/* -------------------------------------<br />
PRESERVE THESE STYLES IN THE HEAD<br />
------------------------------------- */<br />
@media all {<br />
.ExternalClass {<br />
width: 100%;<br />
}<br />
.ExternalClass,<br />
.ExternalClass p,<br />
.ExternalClass span,<br />
.ExternalClass font,<br />
.ExternalClass td,<br />
.ExternalClass div {<br />
line-height: 100%;<br />
}<br />
.apple-link a {<br />
color: inherit !important;<br />
font-family: inherit !important;<br />
font-size: inherit !important;<br />
font-weight: inherit !important;<br />
line-height: inherit !important;<br />
text-decoration: none !important;<br />
}<br />
#MessageViewBody a {<br />
color: inherit;<br />
text-decoration: none;<br />
font-size: inherit;<br />
font-family: inherit;<br />
font-weight: inherit;<br />
line-height: inherit;<br />
}<br />
.btn-primary table td:hover {<br />
background-color: #34495e !important;<br />
}<br />
.btn-primary a:hover {<br />
background-color: #34495e !important;<br />
border-color: #34495e !important;<br />
}<br />
}<br />
</style><br />
</head><br />
<body class="" style="background-color: #f6f6f6; font-family: sans-serif; -webkit-font-smoothing: antialiased; font-size: 14px; line-height: 1.4; margin: 0; padding: 0; -ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;"><br />
<table border="0" cellpadding="0" cellspacing="0" class="body" style="border-collapse: separate; mso-table-lspace: 0pt; mso-table-rspace: 0pt; width: 100%; background-color: #f6f6f6;"><br />
<tr><br />
<td style="font-family: sans-serif; font-size: 14px; vertical-align: top;">&nbsp;</td><br />
<td class="container" style="font-family: sans-serif; font-size: 14px; vertical-align: top; display: block; Margin: 0 auto; max-width: 580px; padding: 10px; width: 580px;"><br />
<div class="content" style="box-sizing: border-box; display: block; Margin: 0 auto; max-width: 580px; padding: 10px;"><br />
<br />
<!-- START CENTERED WHITE CONTAINER --><br />
<span class="preheader" style="color: transparent; display: none; height: 0; max-height: 0; max-width: 0; opacity: 0; overflow: hidden; mso-hide: all; visibility: hidden; width: 0;">Your Welcome Message</span><br />
<table class="main" style="border-collapse: separate; mso-table-lspace: 0pt; mso-table-rspace: 0pt; width: 100%; background: #ffffff; border-radius: 3px;"><br />
<br />
<!-- START MAIN CONTENT AREA --><br />
<tr><br />
<td class="wrapper" style="font-family: sans-serif; font-size: 14px; vertical-align: top; box-sizing: border-box; padding: 20px;"><br />
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: separate; mso-table-lspace: 0pt; mso-table-rspace: 0pt; width: 100%;"><br />
<tr><br />
<td style="font-family: sans-serif; font-size: 14px; vertical-align: top;"><br />
<p style="font-family: sans-serif; font-size: 14px; font-weight: normal; margin: 0; Margin-bottom: 15px;">Hi $first_name,</p><br />
<p style="font-family: sans-serif; font-size: 14px; font-weight: normal; margin: 0; Margin-bottom: 15px;">Welcome to the Example School! A brand new account has been created for you, and you can find your details below:</p><br />
<br />
<p style="font-family: sans-serif; font-size: 14px; font-weight: normal; margin: 0; Margin-bottom: 15px;">Username: $user_name</p><br />
<p style="font-family: sans-serif; font-size: 14px; font-weight: normal; margin: 0; Margin-bottom: 15px;">Your Full Name: $first_name $last_name</p><br />
<p style="font-family: sans-serif; font-size: 14px; font-weight: normal; margin: 0; Margin-bottom: 15px;">Once you've set a password, you can manage your account and access other services at <a href>Link</a></p><br />
<p style="font-family: sans-serif; font-size: 14px; font-weight: normal; margin: 0; Margin-bottom: 15px;">Click on the button below to set your password and get started.</p><br />
<table border="0" cellpadding="0" cellspacing="0" class="btn btn-primary" style="border-collapse: separate; mso-table-lspace: 0pt; mso-table-rspace: 0pt; width: 100%; box-sizing: border-box;"><br />
<tbody><br />
<tr><br />
<td align="left" style="font-family: sans-serif; font-size: 14px; vertical-align: top; padding-bottom: 15px;"><br />
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: separate; mso-table-lspace: 0pt; mso-table-rspace: 0pt; width: auto;"><br />
<tbody><br />
<tr><br />
<!-- Add Change Password Link at $change_password_link --><br />
<td style="font-family: sans-serif; font-size: 14px; vertical-align: top; background-color: #3498db; border-radius: 5px; text-align: center;"> <a href="$change_password_link" target="_blank" style="display: inline-block; color: #ffffff; background-color: #3498db; border: solid 1px #3498db; border-radius: 5px; box-sizing: border-box; cursor: pointer; text-decoration: none; font-size: 14px; font-weight: bold; margin: 0; padding: 12px 25px; text-transform: capitalize; border-color: #3498db;">Get Started</a> </td><br />
</tr><br />
</tbody><br />
</table><br />
</td><br />
</tr><br />
</tbody><br />
</table><br />
<p style="font-family: sans-serif; font-size: 14px; font-weight: normal; margin: 0; Margin-bottom: 15px;">Regards,</p><br />
<p style="font-family: sans-serif; font-size: 14px; font-weight: normal; margin: 0; Margin-bottom: 15px;">Your Name Here</p><br />
</td><br />
</tr><br />
</table><br />
</td><br />
</tr><br />
<br />
<!-- END MAIN CONTENT AREA --><br />
</table><br />
<br />
<!-- START FOOTER --><br />
<div class="footer" style="clear: both; Margin-top: 10px; text-align: center; width: 100%;"><br />
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: separate; mso-table-lspace: 0pt; mso-table-rspace: 0pt; width: 100%;"><br />
<tr><br />
<td class="content-block" style="font-family: sans-serif; vertical-align: top; padding-bottom: 10px; padding-top: 10px; font-size: 12px; color: #999999; text-align: center;"><br />
<span class="apple-link" style="color: #999999; font-size: 12px; text-align: center;">Example School</span><br />
</td><br />
</tr><br />
</table><br />
</div><br />
<!-- END FOOTER --><br />
<br />
<!-- END CENTERED WHITE CONTAINER --><br />
</div><br />
</td><br />
<td style="font-family: sans-serif; font-size: 14px; vertical-align: top;">&nbsp;</td><br />
</tr><br />
</table><br />
</body><br />
</html><br />
</nowiki><br />
<br />
<br />
</div></div></div>
Jls
https://wiki.studentnet.net/index.php?title=Papercut&diff=1240
Papercut
2021-06-10T10:25:41Z
<p>Jls: </p>
<hr />
<div>PaperCut is print and copy output management software.<br />
<br />
== Setup ==<br />
<br />
=== Background ===<br />
<br />
There are a number of places where PaperCut authenticates users: before the document is printed, at the time of printing, and after printing.<br />
<br />
Before printing:<br />
*Administrate PaperCut or view reports through the admin web interface.<br />
*End users visit the user web interface to, for example, submit web print jobs, view statistics and top up their account.<br />
*Identify the owner of a print job, whether they print from a managed, shared or self-managed BYOD device.<br />
<br />
At the time of printing:<br />
*Authenticate the user at the release station, through methods like username and password, card swipe, two-factor authentication with card and PIN, or even biometric options.<br />
<br />
Add accountability to the document forever:<br />
*Optionally apply a watermark / digital signature to all pages, which adds an encrypted HMAC signature to the page which can be traced back to the user who printed the document.<br />
<br />
When authenticating users, PaperCut interfaces directly with directory services like Active Directory or LDAP. You can also configure single sign-on for the admin web interface and user web interface, in which case PaperCut relies on an external SAML service for authentication.<br />
<br />
=== Shibboleth Installation & Configuration ===<br />
<br />
Download the latest version of Shibboleth from: https://shibboleth.net/downloads/service-provider/latest/ and install it using the default options. All files will be found under '''[C:\opt\shibboleth-sp\etc\shibboleth]''' <br />
<br />
Open shibboleth2.xml with a text editor.<br />
<br />
=== IIS Configuration (Shibboleth) ===<br />
<br />
If you have not already done so, install IIS on either the PaperCut Application Server or a different server. If you install IIS on the PaperCut Application Server, make sure you have not configured PaperCut MF to use port 80 or 443, and make sure you don't tell IIS to use any of the standard PaperCut ports (9191, 9192, 9193).<br />
<br />
You will need to make sure that you have '''ISAPI Extensions''' and '''ISAPI Filters''' installed on IIS. Both can be found under '''Add Server Roles > Web Server (IIS) > Web Server > App Development'''.<br />
<br />
=== Cloudwork Configuration ===<br />
<br />
Download the metadata: enter the FQDN for your IIS server followed by /Shibboleth.sso/Metadata (for iis.domain.vm the URL would be iis.domain.vm/Shibboleth.sso/Metadata), and then [https://wiki.studentnet.net/index.php?title=XML_file_upload upload the XML file].<br />
<br />
=== Edit InProcess so we use the correct IIS site ===<br />
<br />
We need to change the site name. This will be the Fully Qualified Domain Name (FQDN) that your users connect to.<br />
<br />
<InProcess logger="native.logger"><br />
<ISAPI normalizeRequest="true" safeHeaderNames="true"><br />
<Site id="1" name="iis.domain.vm" scheme="https" port="443"/><br />
</ISAPI><br />
</InProcess><br />
<br />
'''NOTE:''' If you are running Shibboleth V3, an additional entry needs to be added to the code above. V3 requires the attribute useHeaders="true". Therefore, if you are implementing a Shibboleth V3 configuration, please use the code below instead, which has the useHeaders="true" attribute added.<br />
<br />
<InProcess logger="native.logger"><br />
<ISAPI normalizeRequest="true" safeHeaderNames="true"><br />
<Site id="1" name="iis.domain.vm" scheme="https" port="443" useHeaders="true" /><br />
</ISAPI><br />
</InProcess><br />
<br />
<br />
=== Update RequestMapper ===<br />
<br />
The RequestMapper tells IIS which paths for a certain host need to use Shibboleth for authentication. We are going to use "user" for ours, so any user going to host/user will need to be logged in; if they are not, they will be taken to the login page. If you want to add /admin to this, copy and paste the user line and replace user with admin.<br />
<br />
<br />
<RequestMapper type="Native"><br />
<RequestMap><br />
<Host name="iis.domain.vm"><br />
<Path name="secure" authType="shibboleth" requireSession="true"/><br />
<Path name="user" authType="shibboleth" requireSession="true"/><br />
</Host><br />
</RequestMap><br />
</RequestMapper><br />
<br />
=== Update ApplicationDefaults ===<br />
<br />
The ApplicationDefaults will set the REMOTE_USER variable, which will contain the headers we want to set. Make sure ppcuser is included here, as that is what we will use in the PaperCut MF configuration for Web Auth.<br />
<br />
<br />
<ApplicationDefaults entityID="https://iis.domain.vm/shibboleth"<br />
REMOTE_USER="eppn persistent-id targeted-id ppcuser" <br />
cipherSuites="ECDHE+AESGCM:ECDHE:!aNULL:!eNULL:!LOW:!EXPORT:!RC4:!SHA:!SSLv2"><br />
<br />
<br />
=== Add automatic metadata fetching ===<br />
<br />
There are 2 ways you can load the metadata for your identity provider. The first is from a local file, which you would need to update manually if you ever make changes to it. The other is by using a URL, which will automatically grab the metadata as needed and will make life easier later. This URL is going to be your Federation Service Name followed by /federationmetadata/2007-06/federationmetadata.xml<br />
<br />
<br />
<MetadataProvider type="XML" url="partnermetadata.xml"/><br />
<br />
<br />
=== Open attribute-map.xml ===<br />
<br />
Now we need to tell Shibboleth where it can find the value we want to set to ppcuser. We used the Windows Account Name option in the claims issuance, so that is what we will set here.<br />
<br />
<br />
<Attribute name="User-Name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" id="ppcuser"/><br />
<br />
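A check to run over the edited files before restarting Shibboleth, covering the settings from the steps above (Site, RequestMapper paths, REMOTE_USER and the ppcuser attribute mapping). This is an added example, not part of the original page or of Shibboleth or PaperCut; the sample XML is constructed from the snippets on this page, and the <code>SPConfig</code> and <code>Attributes</code> wrapper elements and their namespaces are assumptions about the surrounding files.<br />

```python
import xml.etree.ElementTree as ET

# Constructed sample assembled from the snippets on this page; the wrapper
# elements and namespaces are assumptions about the surrounding files.
SAMPLE_SP = """
<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config">
  <InProcess logger="native.logger">
    <ISAPI normalizeRequest="true" safeHeaderNames="true">
      <Site id="1" name="iis.domain.vm" scheme="https" port="443" useHeaders="true"/>
    </ISAPI>
  </InProcess>
  <RequestMapper type="Native">
    <RequestMap>
      <Host name="iis.domain.vm">
        <Path name="secure" authType="shibboleth" requireSession="true"/>
        <Path name="user" authType="shibboleth" requireSession="true"/>
      </Host>
    </RequestMap>
  </RequestMapper>
  <ApplicationDefaults entityID="https://iis.domain.vm/shibboleth"
                       REMOTE_USER="eppn persistent-id targeted-id ppcuser"/>
</SPConfig>
"""
SAMPLE_MAP = """
<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map">
  <Attribute name="User-Name"
             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
             id="ppcuser"/>
</Attributes>
"""


def _named(root, name):
    """All elements with this local name, ignoring XML namespaces."""
    return [el for el in root.iter() if el.tag.rsplit("}", 1)[-1] == name]


def check_sp_config(sp_xml, map_xml, host, header="ppcuser", v3=True):
    """Return a list of findings; an empty list means every check passed."""
    try:
        sp = ET.fromstring(sp_xml.strip())
        amap = ET.fromstring(map_xml.strip())
    except ET.ParseError as exc:
        # A missing space between attributes or an unclosed tag ends up here.
        return [f"not well-formed XML: {exc}"]
    findings = []
    sites = [s for s in _named(sp, "Site") if s.get("name") == host]
    if not sites:
        findings.append(f"no <Site> named {host}")
    for site in sites:
        if (site.get("scheme"), site.get("port")) != ("https", "443"):
            findings.append("<Site> is not https on port 443")
        if v3 and site.get("useHeaders") != "true":
            findings.append('<Site> lacks useHeaders="true" (needed on V3)')
    paths = [p for h in _named(sp, "Host") if h.get("name") == host
             for p in _named(h, "Path")]
    if not paths:
        findings.append(f"no <Path> is protected for host {host}")
    for p in paths:
        if p.get("authType") != "shibboleth" or p.get("requireSession") != "true":
            findings.append(f"<Path name={p.get('name')!r}> does not require a session")
    for app in _named(sp, "ApplicationDefaults"):
        if header not in (app.get("REMOTE_USER") or "").split():
            findings.append(f"REMOTE_USER does not list {header}")
    if not any(a.get("id") == header for a in _named(amap, "Attribute")):
        findings.append(f"attribute-map.xml has no Attribute with id={header!r}")
    return findings


if __name__ == "__main__":
    for finding in check_sp_config(SAMPLE_SP, SAMPLE_MAP, "iis.domain.vm"):
        print("FINDING:", finding)
```
<br />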
<br />
=== Restart Shibboleth ===<br />
<br />
There are 2 ways to do this: either load up Services Manager (services.msc), find Shibboleth 2 Daemon and click Restart, or open a command prompt window and run:<br />
<br />
<br />
net stop shibd_default<br />
net start shibd_default<br />
<br />
<br />
=== IIS Configuration (Proxy) ===<br />
<br />
The only thing left to do now is to set up IIS to act as a proxy. To do this we will use the IIS ARR (Application Request Routing) module, which can be found here: https://www.iis.net/downloads/microsoft/application-request-routing<br />
<br />
Once it is installed we will need to enable the Proxy option. Open IIS Manager, select the local server from the tree on the left, then find '''Application Request Routing Cache.'''<br />
*On the right select '''Server Proxy Settings'''<br />
<br />
*Check the Enable Proxy checkbox and click Apply on the right<br />
<br />
*Select your site on the left and click on '''URL Rewrite'''.<br />
<br />
*Click '''Add Rules''' on the right and pick '''Blank Rule''' from under '''Inbound rules.'''<br />
<br />
*The first rule to create is one to ignore any requests that come in to [FQDN]/Shibboleth.sso/ as we don’t want to block any of the Shibboleth functions.<br />
*#Give your rule a name and set the '''Requested URL''' to '''Matches the Pattern''' and set '''Using''' to '''Regular Expression'''.<br />
*#Set the Pattern to '''Shibboleth.sso/.*'''<br />
*#Check the '''Ignore case''' checkbox<br />
*#Set the '''Action type''' at the bottom to '''None'''<br />
*#Check '''Stop Processing''' of subsequent rules.<br />
<br />
*Our next rule will be to pass anything else off to PaperCut Application Server. Create a new blank rule and this time set the pattern to (.*)<br />
<br />
*Now for the action set the type to '''Rewrite''' and for the '''Rewrite URL''' use http://[papercut_ip_or_fqdn]:9191/{R:1} and check '''Append Query String.''' With a bit more work you can configure this internal route to use HTTPS if needed.<br />
<br />
*Now restart IIS by clicking restart on the right or by opening a command prompt window and running '''iisreset.'''<br />
<br />
=== PaperCut MF Configuration ===<br />
<br />
Everything should now be good to go so we can get PaperCut MF configured to use Web Auth for the SSO.<br />
<br />
Login to the PaperCut admin portal and go to '''Options > Advanced.''' Look for Web Single Sign-On (SSO) and enable it.<br />
<br />
From the dropdown, select '''WebAuth'''. The '''HTTP Header Key''' will be '''ppcuser''', which will contain the username after a successful authentication attempt. The '''Allowed WebAuth IP addresses''' list will only need the IIS server's IP in it, but to play it safe also add the IPv4 and v6 localhost addresses (127.0.0.1 and 0:0:0:0:0:0:0:1) and the IP for the PaperCut Application Server.<br />
<br />
Now select the pages you want to use SSO for. If you followed the steps above it will just be for the User login page, but you can change it as needed. For the logout URL you can use '''https://[iis_fqdn_or_ip]/Shibboleth.sso/Logout?return=https://papercut.com'''. With this option, when the user logs out they will be redirected to the PaperCut website. You can change the return URL to anything you want.<br />
<br />
== Troubleshooting ==<br />
<br />
While the steps above should be enough to get you up and running, every environment is a little bit different. If you do run into any issues, the first thing to do is to check the URLs you used. Some of them will work if you enter them into a browser from the IIS host. The 3 to check are listed below.<br />
<br />
* Shibboleth Status: '''https://localhost/Shibboleth.sso/Status'''<br />
<br />
* Shibboleth Metadata: '''https://localhost/Shibboleth.sso/Metadata'''<br />
<br />
* ADFS Metadata: '''https://<<domain_name>>/federationmetadata/2007-06/federationmetadata.xml''' <br />
<br />
You can also find the Shibboleth log files under C:\opt\shibboleth-sp\var\log\shibboleth. While working on this I found shibd.log to be the most useful. You can do a quick search for “ERROR” or “FATAL” and find out where it went wrong.<br />
<br />
If you manage to authenticate but PaperCut MF is still showing the login page, enable debug logging in the PaperCut Application Server then try again. Open the server.log under '''[install_path]/server/log''' and do a search for '''“WebSsoAuthenticationFilter”''', this will give you a good understanding of what is going on. If you happen to find the error “Not using SSO because remote IP is not on the whitelist” in the log, but you’re scratching your head because you can see where you added the server’s IPv4 loopback address to '''Allowed WebAuth IP addresses''', then try adding the IPv6 loopback address as well: '''0:0:0:0:0:0:0:1.'''<br />
<br />
If you are running PaperCut MF / NG 17.3.2 or later and run into a CSRF error after authenticating, check the KB article [https://www.papercut.com/kb/Main/CSRFValidationError here], which will tell you how to resolve the issue.<br />
<br />
If you have enabled SSO for the Admin and can't log in, add '''/nosso''' to the end of the URL and it will skip the SSO option so that you can log in and check your settings.<br />
<br />
<br />
<br />
[[Category:Single Sign On Services]]</div>
Jls
https://wiki.studentnet.net/index.php?title=Message_Templates&diff=1237
Message Templates
2021-06-03T02:04:15Z
<p>Jls: </p>
<hr />
<div><br />
A range of templates for messaging can be created and organised with the Message Templates List. <br />
<br />
When you select '''Message Templates''' from the Cloudwork dashboard menu, the Message Templates List displays. This includes a list of existing templates as well as the option to create a New Message Template.<br />
<br />
==Variables for message templates==<br />
<br />
For each type of message template there are standard variables which may be included in any field, for example $first_name and $last_name. When the message is sent the variables will be replaced with the relevant values for the individual user. <br />
<br />
You can also use as variables any extra attributes you have set up for your users, such as $salutation or $SIS_ID. <br />
<br />
Note that a variable that cannot be resolved (i.e. it is not one of the standardised variables or one of a user's custom attributes) will be left in the message unchanged.<br />
<br />
A single dollar sign ($) precedes the variable name. If you need to include an actual dollar sign in your message, type two dollar signs ($$).<br />
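<br />
A local preview of the substitution rules above, as an added example that is not part of the original page or of Cloudwork. It uses Python's <code>string.Template</code> as a stand-in because it follows the same three rules ($name, $$ for a literal dollar sign, unresolved names left unchanged); the sample user and message are constructed. The page does not say whether Cloudwork HTML-escapes attribute values in an HTML message, so the preview escapes them itself and reports the variables that would reach recipients unresolved.<br />

```python
import html
from string import Template

# Constructed sample user; "salutation" is deliberately missing and the
# first name contains markup to show why values are escaped for HTML fields.
SAMPLE_USER = {
    "user_name": "jdoe",
    "first_name": "Jo <b>Doe</b>",
    "last_name": "O'Neil",
    "email": "jdoe@example.edu",
    "change_password_link": "https://sso.example.edu/change?token=abc&next=/home",
}

# Constructed sample message body (HTML field of a Welcome Email template).
SAMPLE_MESSAGE = (
    "<p>Hi $first_name, $salutation</p>"
    "<p>Username: $user_name</p>"
    "<p>Printing costs $$0.10 per page.</p>"
    '<a href="$change_password_link">Get Started</a>'
)


def variables_in(text):
    """Set of variable names referenced in a template field.

    Uses string.Template's own pattern, so "$$" is not counted as a variable.
    The ${name} form is string.Template syntax, not something the page states.
    """
    names = set()
    for match in Template.pattern.finditer(text):
        name = match.group("named") or match.group("braced")
        if name:
            names.add(name)
    return names


def unresolved(text, user):
    """Variables that would be left in the message unchanged for this user."""
    return sorted(variables_in(text) - set(user))


def render(text, user, as_html):
    """Substitute variables, HTML-escaping each value when the field is HTML."""
    values = {
        key: html.escape(str(value)) if as_html else str(value)
        for key, value in user.items()
    }
    # safe_substitute leaves unknown $names in place instead of raising.
    return Template(text).safe_substitute(values)


if __name__ == "__main__":
    print(render(SAMPLE_MESSAGE, SAMPLE_USER, as_html=True))
    print("unresolved:", unresolved(SAMPLE_MESSAGE, SAMPLE_USER))
    print(render("$first_name $last_name <$email>", SAMPLE_USER, as_html=False))
```
<br />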
<br />
==Create a new message template==<br />
<br />
Click the '''New Message Template''' button to display a list of template types for your school. These may include:<br />
* Welcome email<br />
* Forgot password email<br />
* Forgot password SMS<br />
* Forgot username. <br />
<br />
Select the type of message template to be created and complete the required details.<br />
<br />
=== Welcome Email template ===<br />
<br />
This template can be used to send welcome messages to new users.<br />
<br />
You can use these standard variables in any field of the Welcome Email template:<br />
<br />
*$user_name: The new user's username.<br />
*$email: The new user's email address.<br />
*$first_name: The new user's first name.<br />
*$last_name: The new user's last name.<br />
*$password_reset_link: A link to start the Password Recovery process.<br />
*$change_password_link: A unique link for this user to immediately change their password.<br />
*$recovery_email: The new user's recovery email address.<br />
*$recovery_phone: The new user's recovery phone number.<br />
<br />
Complete the following fields for the new template:<br />
<br />
* Template Name: A short description of the email (this will display in the Message Templates List)<br />
* Subject: Subject line for the email<br />
* Message: Text of the email, written in html<br />
* From Address: The sending email address<br />
* To: Email address(es) to receive the email. Separate multiple addresses with commas. <br />
Note: This email address should be an existing one to ensure the user will receive and see the message, often a personal email address. <br />
* CC: Optional email address(es) to individuals or teams who should be notified of the new user's addition to Cloudwork, for example the support person at the school or the parent for a new student account. Separate multiple addresses with commas.<br />
<br />
Click '''Submit''' to create the new template.<br />
<br />
This is an example of the form for writing a Welcome Email template.<br />
<br />
[[File:welcome_email.png|700px]]<br />
<br />
==== When is a Welcome Email sent? ====<br />
<br />
* A Welcome Email can be initiated from the User's detail screen. <br />
<br />
[[File:Sendwelcomeexample.PNG]]<br />
<br />
<br />
<br />
1. Select '''Users''' from the Cloudwork dashboard menu, then select the user from the Users List to display their details. <br />
<br />
2. Click the '''Send Welcome Message''' button near the top of the screen.<br />
<br />
3. Select the Welcome Message template you want, then click '''Submit''' to initiate the send.<br />
<br />
<br />
<br />
* A Welcome Email can be initiated from a sync profile run.<br />
<br />
[[File:Sendwelcomesync.PNG]]<br />
<br />
Important: Adding new users to Cloudwork may involve more than one synchronisation. For example, a user may be added during an Active Directory synchronisation and then additional information about the user comes from a different sync run. If you want to initiate Welcome Emails from a sync run, ensure that it is the '''later''' sync run that initiates the emails so that all user details required to populate the email are in Cloudwork.<br />
<br />
1. Select '''Sync Profiles''' from the Cloudwork dashboard menu, then select the profile from the Sync Profile List.<br />
<br />
2. In Advanced Settings there are two fields: Send Welcome Messages and Welcome Message Template. Edit these as needed to specify initiation of a welcome email when a sync run adds new users. <br />
<br />
Studentnet is working to develop additional options for automating Welcome Emails to users. If you wish to contact Studentnet to discuss your requirements, contact support@studentnet.net<br />
<br />
===Bulk Send Welcome Message===<br />
<br />
#After creating a Welcome Message Template, you will be brought back to Message Template List. <br />
#Click on the Welcome Message Template you just created.<br />
#Click Send<br />
#From here you can filter out users based on rules you create.<br />
#Once you have created your filter click continue<br />
#The next page will display the users that match your filter. These users will be sent the Welcome Message. If these users are not the expected users, click cancel to return to the filtering process.<br />
#If the users shown are the intended users for receiving the Welcome Message click Continue to send the Welcome Message.<br />
====Notes====<br />
* The To field will only send the Welcome Message to the email address(es) in that field. No other email address will receive the email.<br />
* If multiple email addresses are entered into the To field, when the email is sent through, the only email address the recipient will see is their own email address.<br />
* The To field can customise the layout of the email client's To field. With <pre> $first_name $last_name <$email> </pre> in the Welcome Message To field, when the Welcome Message is sent the email client will display that the email was sent to <pre> test example <example@email.com> </pre><br />
<br />
=== Forgotten Password template ===<br />
<br />
This template can be used when sending recovery codes via email for users who are attempting to reset their password.<br />
<br />
You can use these standard variables in any field of the Forgotten Password template:<br />
<br />
*$user_name: The user's username.<br />
*$code: The recovery code needed by the user to reset their password.<br />
*$continue_link: A link to continue the Password Recovery process.<br />
*$email: The user's email address.<br />
*$first_name: The user's first name.<br />
*$last_name: The user's last name.<br />
*$password_reset_link: A link to initiate Password Recovery.<br />
*$recovery_email: The user's recovery email address.<br />
*$recovery_phone: The user's recovery phone number.<br />
<br />
Complete the following fields for the new template:<br />
<br />
* Template Name: A short description of the email (this will display in the Message Templates List)<br />
* Subject: Subject line for the email<br />
* Message: Text of the email, written in html<br />
* From Address: The sending email address<br />
<br />
Click '''Submit''' to create the new template.<br />
<br />
An example of the form for writing a forgotten password template and an example of a message can be found below.<br />
<br />
[[File:password_template.png|700px]]<br />
<br />
==== Example Password recovery message ====<br />
<br />
Hi $first_name,<br />
<br />
You've recently made a request to reset your Cloudwork password. Click <a href="$continue_link">here</a> to reset your password, or provide the following code in your browser when prompted:<br />
$code<br />
<br />
If you did not try to reset your password, please ignore this email.<br />
<br />
Sincerely,<br />
The Studentnet Support team<br />
<br />
<br />
===Forgotten Password SMS template===<br />
<br />
This template can be used when sending recovery codes via SMS for users who are attempting to reset their password.<br />
<br />
You can use the following standard variables for this message:<br />
<br />
*$user_name: The user's username.<br />
*$code: The recovery code needed by the user to reset their password.<br />
*$email: The user's email address.<br />
*$first_name: The user's first name.<br />
*$last_name: The user's last name.<br />
*$recovery_email: The user's recovery email address.<br />
*$recovery_phone: The user's recovery phone number.<br />
<br />
Complete the following fields for the new template:<br />
<br />
* Template Name: A short description of the email (this will display in the Message Templates List)<br />
* Message: Text of the message, written in HTML<br />
<br />
Click '''Submit''' to create the new template.<br />
<br />
====Example Forgotten Password SMS template====<br />
<br />
Hi $first_name,<br />
<br />
You've recently made a request to reset your Cloudwork password. Here is your recovery code!<br />
$code<br />
<br />
If you did not try to reset your password, please ignore this message. <br />
<br />
Sincerely, The Studentnet Support team<br />
<br />
===Forgotten Username Email template===<br />
<br />
This template can be used when sending a reminder via email to a user who has forgotten their username.<br />
<br />
You can use the following standard variables in any field for this message: <br />
<br />
*$user_name: The user's username.<br />
*$email: The user's email address.<br />
*$first_name: The user's first name.<br />
*$last_name: The user's last name.<br />
*$password_reset_link: A link to initiate Password Recovery.<br />
*$recovery_email: The user's recovery email address.<br />
*$recovery_phone: The user's recovery phone number.<br />
*$usernames_ul: Render an HTML list of all usernames of all accounts that share the supplied recovery email address<br />
<br />
Complete the following fields for the new template:<br />
<br />
* Template Name: A short description of the email (this will display in the Message Templates List)<br />
* Subject: Subject line for the email<br />
* Message: Text of the email, written in HTML<br />
* From Address: The sending email address<br />
<br />
Click '''Submit''' to create the new template.<br />
<br />
====Example Forgotten Username Email Template====<br />
<br />
Hi $first_name,<br />
<br />
You've recently made a request to find your username. Here is your username! <br />
<br />
Username: $user_name<br />
<br />
If you did not request your username, please ignore this message.<br />
<br />
Sincerely, The Studentnet Support team<br />
<br />
==Edit Message Template==<br />
<br />
[[File:Editmessageexample.PNG]]<br />
<br />
1. Select '''Message Templates''' from the Cloudwork dashboard menu to display the Message Templates List. <br />
<br />
2. Click the link for the template to be updated.<br />
<br />
3. In the window that opens, click '''Edit''' and update the template details as needed.<br />
<br />
4. Click '''Submit'''.<br />
<br />
==Delete Message Template==<br />
<br />
[[File:Deletemessageexample.PNG]]<br />
<br />
1. Select '''Message Templates''' from the Cloudwork dashboard menu to display the Message Templates List. <br />
<br />
2. Click the link for the template to be deleted.<br />
<br />
3. In the window that opens, confirm that you have selected the correct template and click '''Delete''' near the top of the page.<br />
<br />
4. Confirm the delete request.<br />
<br />
[[Category:Cloudwork Dashboard]]</div>Jlshttps://wiki.studentnet.net/index.php?title=Adobe_Cloud&diff=1069Adobe Cloud2020-08-05T00:36:21Z<p>Jls: </p>
<hr />
<div>When setting up Adobe Cloud one of your first tasks is to define and set up an identity system against which your end users will be authenticated. As your organization purchases licenses for Adobe products and services, you will need to provision those licenses to your end users. And for this, you will need a way to authenticate these users. Adobe provides multiple identity types but the main identity type that you can use to authenticate users is Enterprise ID.<br />
<br />
==Federated ID==<br />
<br />
Created and owned by an organization, and linked to the enterprise directory via federation. The organization manages credentials and processes Single Sign-On via a SAML2 Identity Provider (IdP).<br />
<br />
The following are a few requirements and scenarios where Federated IDs are recommended:<br />
<br />
*If you want to provision users based on your organization's enterprise directory.<br />
*If you want to manage authentication of users.<br />
*If you need to maintain strict control over apps and services available to a user.<br />
*If you want to allow users to use the same email address to sign up for an Adobe ID.<br />
<br />
==Set up==<br />
<br />
To use Enterprise IDs start by setting up a directory to which you can link one or more domains.<br />
<br />
To set up a directory:<br />
<br />
#Create a directory in the Admin Console.<br />
#Adobe will provision the directory. This usually takes up to 48 hours.<br />
#If you set up your organization for Enterprise ID identity, you can start linking your email domains to the directory.<br />
#After Adobe has provisioned your directory, configure the SAML settings for the directory.<br />
<br />
To create a directory, navigate to the Directories tab in settings, click Create Directory and fill in the necessary information, making sure you choose Federated ID. Adobe must provision a Federated ID directory before you can perform any further operations on it; this generally takes 48 hours, and you will be notified by email when it is complete.<br />
<br />
===Configure Single Sign On===<br />
<br />
After you receive the email from Adobe confirming that your directory is provisioned, configure the SAML settings for the directory.<br />
<br />
When organizations configure and enable Single Sign-On (SSO), users in that organization are able to use their corporate credentials to access Adobe software. This enables users to use a single credential to access Adobe desktop apps, services, and mobile apps.<br />
<br />
The Adobe Admin Console offers a method for enterprise users to authenticate using their existing corporate identity. Adobe Federated IDs enable integration with a Single Sign-On (SSO) identity management system. Single Sign-On is enabled using SAML, an industry-standard protocol that connects enterprise identity management systems to cloud service providers like Adobe.<br />
<br />
SSO can securely exchange authentication information between two parties: the service provider (Adobe) and your Identity Provider (IdP). The service provider sends a request to your IdP, which attempts to authenticate the user. If authentication is successful, the IdP sends a response message to sign in the user.<br />
<br />
====SSO requirements====<br />
<br />
To successfully set up SSO for Adobe software, IT Admins need the following:<br />
<br />
*An understanding of SAML 2.0<br />
*An Identity Provider (IdP) that supports SAML 2.0, and at a minimum must have:<br />
**IDP Certificate<br />
**IDP Login URL<br />
**IDP Binding: HTTP-POST or HTTP-Redirect<br />
**Assertion consumer service URL<br />
*Access to your DNS configuration for the domain claim process<br />
<br />
The login URL of the IdP does not need to be externally accessible for users to be able to access it for logging in. However, if it is only reachable within the organization's internal network, users can only log in to Adobe products when they are connected to the organization's internal network either directly, via wifi or via VPN. It is not necessary for the login page to be accessible only via HTTPS, but it is recommended for security reasons.<br />
<br />
If your organization wants to test SSO integration, it is recommended that you claim a test domain that you own, as long as your organization has an Identity Provider with identities set up in that test domain. This allows you to test the integration before you claim the main domains, until you feel comfortable with the domain claim and configuration process.<br />
<br />
===Configure SAML Settings===<br />
<br />
You can find this information in the Cloudwork Dashboard under Features > Single Sign On > Identity Provider:<br />
<br />
*IdP Certificate: Download it from your dashboard <br />
*IdP Binding: Redirect <br />
*IdP Issuer: Your Entity ID<br />
*IdP Login URL: Your Sign On Endpoint<br />
<br />
When prompted to download the metadata file, you can either email it to us and we will import it for you, or you can follow the instructions below: <br />
<br />
1. Go to your Cloudwork dashboard.<br />
<br />
2. Click '''Add New Service'''. <br />
<br />
3. Click '''Upload an XML File'''. <br />
<br />
*Give the service a recognisable name (eg, Adobe Enterprise), select the file, and click '''Submit'''. <br />
<br />
4. Go back to the Services List and select the newly created service. <br />
<br />
5. Edit the Attribute Map and update the "Maps to" values as follows:<br />
<br />
*First Name: FirstName <br />
*Last Name: LastName <br />
*Email: Email <br />
<br />
6. Click '''Submit'''.<br />
<br />
7. In the SAML Configuration section edit the newly created service and change NameID Value to Email or Username, depending on your chosen identifier (ie. the User login setting which you specified on the Adobe form). <br />
<br />
8. Click '''Submit'''.<br />
<br />
9. Proceed with configuring Adobe. <br />
<br />
<br />
==Migrating Adobe SSO from SHA1 to SHA256==<br />
'''Adobe Side:'''<br />
#In Adobe Admin Console>Settings>Directories.<br />
#Select the Edit action for the directory. Then click Details>“Select Add new IdP” <br />
#Select Other SAML providers. Click Next.<br />
#Save Adobe’s XML file from the Adobe Admin Console<br />
#Log in to the Cloudwork Dashboard and navigate to Single Sign On>Identity Provider<br />
#Under XML, Click download and save Cloudwork’s XML file.<br />
#Upload Cloudwork’s XML file to the Adobe Admin Console. Then, click Save<br />
<br />
'''Cloudwork Side:'''<br />
#Log in to the Cloudwork Dashboard and navigate to Single Sign On>Add New service<br />
#Click Adobe Cloud<br />
#Upload Adobe’s XML file and click Submit<br />
#Go to the service>SAML Config>Edit<br />
#In Signature Algorithm, select SHA256<br />
#Click Submit<br />
<br />
'''Testing SSO Service:'''<br />
#In the Adobe Admin Console>Directory details, choose the new authentication profile you just created.<br />
#Click Test to verify whether the configuration is set up correctly.<br />
#If Test passes, Click Activate to migrate to the new authentication profile. Once done, the new profile displays In use.<br />
#After activating, make sure the value of the Subject field in the assertion from the new SAML configuration matches the existing users' username format in the Admin Console.<br />
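A check that supports the last testing step above, added here as an example (it is not Studentnet or Adobe code): it decodes a captured base64 <code>SAMLResponse</code> form value, lists the signature and digest algorithm URIs, and compares the Subject NameID with the expected login format. The sample responses are constructed, the function names are hypothetical, a "username" is assumed to be any non-empty value that is not email-shaped, and the script only inspects algorithms; it does not verify the signature.

```python
import base64
import re
import xml.etree.ElementTree as ET

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# XML Signature algorithm identifiers (W3C XML-DSig / XML-Enc, RFC 4051).
SHA1_URIS = {
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
    "http://www.w3.org/2000/09/xmldsig#dsa-sha1",
    "http://www.w3.org/2000/09/xmldsig#sha1",
}
SHA256_URIS = {
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "http://www.w3.org/2001/04/xmlenc#sha256",
}

EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")

# Constructed sample response; signature and digest values are placeholders.
_TEMPLATE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_constructed" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <ds:Signature>
      <ds:SignedInfo>
        <ds:SignatureMethod Algorithm="{sig}"/>
        <ds:Reference URI="#_a1">
          <ds:DigestMethod Algorithm="{dig}"/>
          <ds:DigestValue>CONSTRUCTED</ds:DigestValue>
        </ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>CONSTRUCTED</ds:SignatureValue>
    </ds:Signature>
    <saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""


def make_sample(sig, dig, name_id):
    """Build a constructed base64 SAMLResponse like the HTTP-POST form value."""
    xml = _TEMPLATE.format(sig=sig, dig=dig, name_id=name_id)
    return base64.b64encode(xml.encode()).decode()


def inspect_response(b64_response, expected_name_id="email"):
    """Report hash algorithms and NameID format of one captured response.

    Intended for your own test captures only: nothing here validates the
    signature or the certificate.
    """
    root = ET.fromstring(base64.b64decode(b64_response))
    sig_algs = [e.get("Algorithm") for e in root.iterfind(".//ds:SignatureMethod", NS)]
    dig_algs = [e.get("Algorithm") for e in root.iterfind(".//ds:DigestMethod", NS)]
    algs = sig_algs + dig_algs

    el = root.find(".//saml:Subject/saml:NameID", NS)
    name_id = (el.text or "").strip() if el is not None else None
    is_email = bool(name_id and EMAIL_RE.fullmatch(name_id))
    if expected_name_id == "email":
        name_id_ok = is_email
    else:  # "username": assumed to be non-empty and not email-shaped
        name_id_ok = bool(name_id) and not is_email

    return {
        "signed": bool(sig_algs),
        "sha1": sorted(a for a in algs if a in SHA1_URIS),
        # Migrated only if every signature AND digest method is SHA-256.
        "migrated": bool(algs) and all(a in SHA256_URIS for a in algs),
        "name_id": name_id,
        "name_id_ok": name_id_ok,
    }


OLD_PROFILE = make_sample(
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
    "http://www.w3.org/2000/09/xmldsig#sha1",
    "jsmith",
)
NEW_PROFILE = make_sample(
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "http://www.w3.org/2001/04/xmlenc#sha256",
    "student@example.edu",
)
# Signature method upgraded but digest left on SHA-1: still not migrated.
MIXED_PROFILE = make_sample(
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "http://www.w3.org/2000/09/xmldsig#sha1",
    "student@example.edu",
)

if __name__ == "__main__":
    for label, sample in (("old", OLD_PROFILE), ("new", NEW_PROFILE), ("mixed", MIXED_PROFILE)):
        print(label, inspect_response(sample))
```

Run it against a response captured from the Adobe '''Test''' step before activating the new authentication profile; a non-empty <code>sha1</code> list means the SHA256 setting has not taken effect for that service.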
<br />
<br />
[[Category:Single Sign On Services]]</div>Jlshttps://wiki.studentnet.net/index.php?title=Replicating_ADFS_Login_Page&diff=973Replicating ADFS Login Page2020-04-09T02:42:36Z<p>Jls: </p>
<hr />
<div>==Replicating ADFS Login Page==<br />
These instructions show the basic steps for making your Cloudwork Login Page replicate the ADFS Login Page, so that it looks like this.<br />
[[File:Cloudwork adfs.JPG|1150px|ADFS replicated page]]<br />
<br />
<br />
===Login Theme General Settings===<br />
<br />
#In your school's Cloudwork dashboard click '''Login Theme'''<br />
#Navigate to '''General Settings''' and click '''Edit'''<br />
#Make '''Organisation name''' empty<br />
#Check '''Show Logo''' and '''Show background image'''<br />
#Select '''Inside Login Box''' for '''Logo Location'''<br />
#Upload the appropriate '''Logo''' and '''Background Image'''<br />
#Copy and paste this text in to '''Custom Styles'''<br />
body {height: 100vh; background-repeat: no-repeat; background-size: auto 100%; font-size: 0.9em; font-family: "Segoe UI" , "Segoe" , "SegoeUI-Regular-final", Tahoma, Helvetica, Arial, sans-serif;}<br />
.main .content { min-height: 100vh; height: auto !important; position: absolute; right: 0px; border-radius: 0px; padding: 0px 95px 0px 50px; margin: 0 auto; text-align: left; }<br />
.main .content input[type=submit] { color: #FFF; min-width:80px; width: auto; height: 30px; padding: 0px 5px; -webkit-flex: none; font-size: inherit; font-size: 0.9em; border-radius: 0; line-height: 0.9em; }<br />
div.content-header { padding-top: 90px; margin-bottom: 60px; }<br />
div.submit { margin: 38px 0 30px; }<br />
div.login { width: 350px; }<br />
input[type=text], input[type=password], select { height: 28px; padding: 0px 3px 0px 3px; border: solid 1px #BABABA; background: #ffffff; color: #000; border-radius: 0px; font-weight:normal; margin: 0 0 8px 0; }<br />
.main .content input[type=text], .main .content input[type=password], .main .content h3, .main .content input[type=submit], .main .content a, .main .content select { font-weight: normal; font-size: 0.9em; <br />
font-family: "Segoe UI" , "Segoe" , "SegoeUI-Regular-final", Tahoma, Helvetica, Arial, sans-serif;}<br />
.login h3 {margin-bottom:35px;}<br />
.login a { text-decoration: none; }<br />
div.footer { position:absolute; bottom:5px; right: 95px; width: 350px; }<br />
<br />
<br />
===Login Page Settings===<br />
#Click submit after completing General Settings changes<br />
#Uncheck '''Show Password Reset Link''' and '''Show Forgot Username Link'''<br />
#Copy and paste the text below changing the bold text to your school's appropriate needs<br />
<a href="'''School's Password Reset URL'''" <br />
style="color: '''color code''';">'''Forgot password text'''</a><br />
<br />
==Notes==<br />
<br />
To find your school's Password Reset URL, log in to your school's dashboard and go to Cloudwork.ID Settings>Useful Links>Recover Forgotten Password<br />
<br />
[[Category:Cloudwork Dashboard]]</div>Jlshttps://wiki.studentnet.net/index.php?title=Zoom&diff=942Zoom2020-03-12T00:38:56Z<p>Jls: </p>
<hr />
<div>Zoom unifies cloud video conferencing, simple online meetings, and group messaging into one easy-to-use platform.<br />
<br />
==Setup==<br />
<br />
First you need to send us your vanity URL from your Zoom Account Page - this generally looks like this - '''https://yourcompany.zoom.us'''<br />
<br />
<br />
Secondly you have to navigate to the https://zoom.us/account/sso page and enter your SSO details. All this information can be found on the Cloudwork Dashboard under ''Single Sign On -> Identity Provider Details'' (Shown Below)<br />
<br />
<br />
*'''Sign-in page URL:''' https://<<yourURL>>.cloudworkengine.net/saml2/idp/SSOService.php<br />
<br />
*'''Sign-out page URL:''' https://<<yourURL>>.cloudworkengine.net/saml2/idp/SingleLogoutService.php<br />
<br />
*'''Certificate:''' Download from https://<<yourURL>>.cloudworkengine.net/module.php/saml/idp/certs.php/idp.crt<br />
<br />
*'''Issuer:''' https://<<yourURL>>.cloudworkengine.net/saml2/idp/metadata.php<br />
<br />
*'''Binding:''' Choose http-redirect<br />
<br />
*'''Signature Hash Algorithm:''' SHA-1<br />
<br />
*'''Default user type:''' Basic or Pro - You can determine this.<br />
<br />
Once you've configured the basics, you can optionally map Cloudwork data to users' Zoom accounts. <br />
<br />
Go to https://zoom.us/account/sso and click the SAML Response Mapping tab. Click "Map to SAML Attribute" for each attribute you wish to map, and fill out the form as required:<br />
<br />
* Email address: mail<br />
* First name: givenName<br />
* Last name: sn <br />
<br />
<br />
<br />
[[Category:Single Sign On Services]]</div>Jlshttps://wiki.studentnet.net/index.php?title=Zoom&diff=941Zoom2020-03-11T23:57:55Z<p>Jls: </p>
<hr />
<div>Zoom unifies cloud video conferencing, simple online meetings, and group messaging into one easy-to-use platform.<br />
<br />
==Setup==<br />
<br />
First you need to send us your vanity URL from your Zoom Account Page - this generally looks like this - '''https://yourcompany.zoom.us'''<br />
<br />
<br />
Secondly you have to navigate to the https://zoom.us/account/sso page and enter your SSO details. All this information can be found on the Cloudwork Dashboard under ''Single Sign On -> Identity Provider Details'' (Shown Below)<br />
<br />
<br />
*'''Sign-in page URL:''' https://<<yourURL>>.cloudworkengine.net/saml2/idp/SSOService.php<br />
<br />
*'''Sign-out page URL:''' https://<<yourURL>>.cloudworkengine.net/saml2/idp/SingleLogoutService.php<br />
<br />
*'''Certificate:''' Download from https://<<yourURL>>.cloudworkengine.net/module.php/saml/idp/certs.php/idp.crt<br />
<br />
*'''Issuer:''' https://<<yourURL>>.cloudworkengine.net/saml2/idp/metadata.php<br />
<br />
*'''Binding:''' Choose http-redirect<br />
<br />
*'''Signature Hash Algorithm:''' SHA-256<br />
<br />
*'''Default user type:''' Basic or Pro - You can determine this.<br />
<br />
Once you've configured the basics, you can optionally map Cloudwork data to users' Zoom accounts. <br />
<br />
Go to https://zoom.us/account/sso and click the SAML Response Mapping tab. Click "Map to SAML Attribute" for each attribute you wish to map, and fill out the form as required:<br />
<br />
* Email address: mail<br />
* First name: givenName<br />
* Last name: sn <br />
<br />
<br />
<br />
[[Category:Single Sign On Services]]</div>Jlshttps://wiki.studentnet.net/index.php?title=AWS_Cognito&diff=777AWS Cognito2019-11-05T04:22:16Z<p>Jls: Created page with "Use the documentation at the following link: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managing-saml-idp-console.html"</p>
<hr />
<div>Use the documentation at the following link: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managing-saml-idp-console.html</div>Jlshttps://wiki.studentnet.net/index.php?title=Grok_Learning&diff=638Grok Learning2019-06-28T05:20:09Z<p>Jls: Created page with "# Download the metadata for Grok Learning's staging and production environments, and save them as indicated: #:: dev.grok.xml: https://dev.groklearning.com/sso/saml2/metadata..."</p>
<hr />
<div># Download the metadata for Grok Learning's staging and production environments, and save them as indicated:<br />
#:: dev.grok.xml: https://dev.groklearning.com/sso/saml2/metadata<br />
#:: prod.grok.xml: https://groklearning.com/sso/saml2/metadata<br />
# Log in to Cloudwork and navigate to Single Sign On > Add New Service > Upload an XML File<br />
# Fill out the form as follows, and click `Submit`:<br />
#:: '''Name''': Grok Learning (Staging)<br />
#:: '''Upload''': dev.grok.xml<br />
# Edit Grok Learning (Staging) and change NameID Value from GUID (base64 encoded) to GUID (Binding String) and click Submit<br />
# Edit the Attribute map for Grok Learning (Staging) and update it as follows:<br />
#:: '''User Name''': uid<br />
#:: '''Last Name''': sn<br />
#:: '''First Name''': gn<br />
#:: '''Email''': mail<br />
#:: '''GUID (Binding String)''': guid<br />
#:: '''Role''': eduPersonAffiliation<br />
#:: '''Groups''': group<br />
# Navigate to Single Sign On > Add New Service > Upload an XML File again and fill out the form as follows:<br />
#:: '''Name''': Grok Learning (Production)<br />
#:: '''Upload''': prod.grok.xml<br />
# Repeat steps 4 and 5, this time for Grok Learning (Production)<br />
<br />
[[Category:Single Sign On Services]]</div>Jlshttps://wiki.studentnet.net/index.php?title=Generic_PHP_Website&diff=601Generic PHP Website2019-05-20T01:51:58Z<p>Jls: Created page with "Before we get started, you'll need to make sure you know what your Cloudwork identity provider's Entity ID is. To do this, log in to your Cloudwork Dashboard, and go to Single..."</p>
<hr />
<div>Before we get started, you'll need to make sure you know what your Cloudwork identity provider's Entity ID is. To do this, log in to your Cloudwork Dashboard, and go to Single Sign On > Identity Provider. You'll need this Entity ID url a few times in the instructions below.<br />
<br />
Download SimpleSAMLphp and place it on your server (OUTSIDE of your public_html directory; we recommend /var/simplesamlphp). You can then add the following snippet to your site config in Apache to get SimpleSAMLphp working properly:<br />
<br />
SetEnv SIMPLESAMLPHP_CONFIG_DIR /var/simplesamlphp/config<br />
<br />
Alias /simplesaml /var/simplesamlphp/www<br />
<br />
<Directory /var/simplesamlphp/www><br />
<IfModule !mod_authz_core.c><br />
# For Apache 2.2:<br />
Order allow,deny<br />
Allow from all<br />
</IfModule><br />
<IfModule mod_authz_core.c><br />
# For Apache 2.4:<br />
Require all granted<br />
</IfModule><br />
</Directory><br />
<br />
Make sure to adjust the paths as necessary.<br />
<br />
Next up, you'll need to get SimpleSAML configured. Edit the config/authsources.php file. Find the line 'idp' => null and replace null with your Entity ID, enclosed in quotation marks; for example<br />
<br />
'idp' => "https://demo-login.cloudworkengine.net/saml2/idp/metadata.php"<br />
<br />
Now, in a web browser, paste your entity ID into the URL bar and add `?output=xhtml` to the end of the URL. Find the code snippet under "In SimpleSAMLphp flat file format" and copy it. Edit metadata/saml20-idp-remote.php and paste the snippet underneath the existing contents of that file.<br />
<br />
Next, you need to get your new service configured in Cloudwork. In your web browser, go to [your_website]/simplesaml/module.php/saml/sp/metadata.php/default-sp and save the XML to a file.<br />
Log in to Cloudwork and go to Single Sign On > Add New Service > Upload an XML File and fill out the form using the XML file you just saved.<br />
<br />
At this point, SSO is configured and you can start using it in your website. <br />
<br />
The following code snippet is an example of how this SimpleSAMLphp installation can now be used to force a user to be authenticated via SSO, and also show you what data you have available to you regarding the authenticated user:<br />
<br />
<?php<br />
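// Load SimpleSAMLphp's autoloader (adjust the path to match your installation).<br />
require_once('/var/simplesamlphp/lib/_autoload.php');<br />
// 'default-sp' is the authentication source configured in config/authsources.php.<br />
$as = new \SimpleSAML\Auth\Simple('default-sp');<br />
// Redirect to the Cloudwork IdP unless the user already has an authenticated session.<br />
$as->requireAuth();<br />
// Attributes released by the IdP for the authenticated user.<br />
$attributes = $as->getAttributes();<br />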
print_r($attributes);</div>Jlshttps://wiki.studentnet.net/index.php?title=Freshdesk&diff=567Freshdesk2018-12-18T23:21:38Z<p>Jls: </p>
<hr />
<div>To configure SSO in Freshdesk, log in to your Cloudwork Dashboard and navigate to Single Sign On > IdP Details <br />
<br />
To finish setting up SSO for FreshDesk, you need to log in to your Cloudwork Dashboard and go to Single Sign On > Add New Service > Custom Service <br />
<br />
Fill out the form as follows: <br />
<br />
* Name: FreshDesk <br />
* Entity ID: https://&lt;yourdomain&gt;.freshdesk.com <br />
* Assertion Consumer Service: https://&lt;yourdomain&gt;.freshdesk.com/login/saml <br />
* NameID: Email <br />
* NameID Format: emailAddress <br />
<br />
Freshdesk only needs a user email address to log in, however you can pass extra information along as well. If you would like to do so, find your new Fresh Desk service entry in Cloudwork, scroll down to Attribute Map and click "Edit". <br />
<br />
* First Name: givenname <br />
* Last Name: surname <br />
* Phone: phone <br />
* Company: company <br />
* Other attributes not listed here: custom_field_<name_of_field_in_freshdesk> <br />
<br />
[[Category:Single Sign On Services]]</div>Jlshttps://wiki.studentnet.net/index.php?title=Freshdesk&diff=566Freshdesk2018-12-18T23:20:49Z<p>Jls: Created page with "To configure SSO in Freshdesk, log in to your Cloudwork Dashboard and navigate to Single Sign On > IdP Details To finish setting up SSO for FreshDesk, you need to log in to..."</p>
<hr />
<div>To configure SSO in Freshdesk, log in to your Cloudwork Dashboard and navigate to Single Sign On > IdP Details <br />
<br />
To finish setting up SSO for FreshDesk, you need to log in to your Cloudwork Dashboard and go to Single Sign On > Add New Service > Custom Service <br />
<br />
Fill out the form as follows: <br />
<br />
Name: FreshDesk <br />
Entity ID: https://&lt;yourdomain&gt;.freshdesk.com <br />
Assertion Consumer Service: https://&lt;yourdomain&gt;.freshdesk.com/login/saml <br />
NameID: Email <br />
NameID Format: emailAddress <br />
<br />
Freshdesk only needs a user email address to log in, however you can pass extra information along as well. If you would like to do so, find your new Fresh Desk service entry in Cloudwork, scroll down to Attribute Map and click "Edit". <br />
First Name: givenname <br />
Last Name: surname <br />
Phone: phone <br />
Company: company <br />
Other attributes not listed here: custom_field_<name_of_field_in_freshdesk> <br />
<br />
[[Category:Single Sign On Services]]</div>Jlshttps://wiki.studentnet.net/index.php?title=Adobe_Cloud&diff=540Adobe Cloud2018-11-26T22:54:43Z<p>Jls: </p>
<hr />
<div>When setting up Adobe Cloud one of your first tasks is to define and set up an identity system against which your end users will be authenticated. As your organization purchases licenses for Adobe products and services, you will need to provision those licenses to your end users. And for this, you will need a way to authenticate these users. Adobe provides multiple identity types but the main identity type that you can use to authenticate users is Enterprise ID.<br />
<br />
==Federated ID==<br />
<br />
Created and owned by an organization, and linked to the enterprise directory via federation. The organization manages credentials and processes Single Sign-On via a SAML2 Identity Provider (IdP).<br />
<br />
The following are a few requirements and scenarios where Federated IDs are recommended:<br />
<br />
*If you want to provision users based on your organization's enterprise directory.<br />
*If you want to manage authentication of users.<br />
*If you need to maintain strict control over apps and services available to a user.<br />
*If you want to allow users to use the same email address to sign up for an Adobe ID.<br />
<br />
==Set up==<br />
<br />
To use Enterprise IDs start by setting up a directory to which you can link one or more domains.<br />
<br />
To set up a directory:<br />
<br />
#Create a directory in the Admin Console.<br />
#Adobe will provision the directory. This usually takes up to 48 hours.<br />
#If you set up your organization for Enterprise ID identity, you can start linking your email domains to the directory.<br />
#After Adobe has provisioned your directory, configure the SAML settings for the directory.<br />
<br />
To create a directory, navigate to the Directories tab in settings, click Create Directory and fill in the necessary information, making sure you choose Federated ID. Adobe must provision a Federated ID directory before you can perform any further operations on it; this generally takes 48 hours, and you will be notified by email when it is complete.<br />
<br />
===Configure Single Sign On===<br />
<br />
After you receive the email from Adobe confirming that your directory is provisioned, configure the SAML settings for the directory.<br />
<br />
When organizations configure and enable Single Sign-On (SSO), users in that organization are able to use their corporate credentials to access Adobe software. This enables users to use a single credential to access Adobe desktop apps, services, and mobile apps.<br />
<br />
The Adobe Admin Console offers a method for enterprise users to authenticate using their existing corporate identity. Adobe Federated IDs enable integration with a Single Sign-On (SSO) identity management system. Single Sign-On is enabled using SAML, an industry-standard protocol that connects enterprise identity management systems to cloud service providers like Adobe.<br />
<br />
SSO can securely exchange authentication information between two parties: the service provider (Adobe) and your Identity Provider (IdP). The service provider sends a request to your IdP, which attempts to authenticate the user. If authentication is successful, the IdP sends a response message to sign in the user.<br />
<br />
====SSO requirements====<br />
<br />
To successfully set up SSO for Adobe software, IT Admins need the following:<br />
<br />
*An understanding of SAML 2.0<br />
*An Identity Provider (IdP) that supports SAML 2.0, and at a minimum must have:<br />
**IDP Certificate<br />
**IDP Login URL<br />
**IDP Binding: HTTP-POST or HTTP-Redirect<br />
**Assertion consumer service URL<br />
*Access to your DNS configuration for the domain claim process<br />
<br />
The login URL of the IdP does not need to be externally accessible for users to be able to access it for logging in. However, if it is only reachable within the organization's internal network, users can only log in to Adobe products when they are connected to the organization's internal network either directly, via wifi or via VPN. It is not necessary for the login page to be accessible only via HTTPS, but it is recommended for security reasons.<br />
<br />
If your organization wants to test SSO integration, it is recommended that you claim a test domain that you own, as long as your organization has an Identity Provider with identities set up in that test domain. This allows you to test the integration before you claim the main domains, until you feel comfortable with the domain claim and configuration process.<br />
<br />
===Configure SAML Settings===<br />
<br />
You can find this information in the Cloudwork Dashboard under Features > Single Sign On > Identity Provider:<br />
<br />
*IdP Certificate: Download it from your dashboard <br />
*IdP Binding: Redirect <br />
*IdP Issuer: Your Entity ID<br />
*IdP Login URL: Your Sign On Endpoint<br />
<br />
When prompted to download the metadata file, you can either email it to us, and we will import it for you, or you can follow the instructions below: <br />
<br />
1. Go to your dashboard<br />
<br />
2. Click Add New Service <br />
<br />
3. Click "Upload an XML File" <br />
<br />
*Give the service a recognisable name (eg, Adobe Enterprise), select the file, and click submit. <br />
<br />
4. Go back to the services list, and select the newly created service, and select "Map Attributes" <br />
<br />
5. Change the "Maps to" values as follows:<br />
<br />
*First Name: FirstName <br />
*Last Name: LastName <br />
*Email: Email <br />
<br />
6. Edit the newly created service and change NameID Value to Email or Username, depending on your chosen identifier. <br />
<br />
7. Proceed with configuring Adobe. <br />
<br />
[[Category:Single Sign On Services]]</div>Jlshttps://wiki.studentnet.net/index.php?title=EdSmart&diff=539EdSmart2018-11-19T03:40:00Z<p>Jls: Created page with "To get started, send an email to help@edsmart.com and ask for SSO to be enabled with Cloudwork. They will want a test user and and a copy of your metadata. Your metadata can..."</p>
<hr />
<div>To get started, send an email to help@edsmart.com and ask for SSO to be enabled with Cloudwork.<br />
<br />
They will want a test user and a copy of your metadata. Your metadata can be found by logging into the Cloudwork Dashboard and navigating to Single Sign On Services > IdP Metadata<br />
<br />
EdSmart will send you a copy of their metadata. Once you have that file, log in to the Cloudwork Dashboard and navigate to Single Sign On Services > Add New Service > Upload an XML File. Fill in EdSmart for the name, and upload the XML file EdSmart have provided.<br />
<br />
Go back to the list of SSO Services, click on your newly created EdSmart service, find Attribute Map, and click Edit. Make sure the following mappings are configured:<br />
<br />
* User Name: UserID<br />
* Email: mail<br />
* First Name: givenName<br />
* Last Name: sn<br />
* Role: role<br />
<br />
Submit the form. Confirm with EdSmart that the metadata has been imported. Once they have completed configuration on their end, they should supply you with your unique login URL for EdSmart.<br />
<br />
[[Category:Single Sign On Services]]</div>Jlshttps://wiki.studentnet.net/index.php?title=EducationPerfect&diff=538EducationPerfect2018-11-08T22:58:39Z<p>Jls: Created page with "EducationPerfect # Download https://sso.educationperfect.com/metadata/saml2 and save it as educationperfect.xml # Login in to your Cloudwork Dashboard and go to Single Sign O..."</p>
<hr />
<div>EducationPerfect<br />
<br />
# Download https://sso.educationperfect.com/metadata/saml2 and save it as educationperfect.xml<br />
# Log in to your Cloudwork Dashboard and go to Single Sign On > Add New Service > Upload XML File<br />
# Set the name as EducationPerfect and select the educationperfect.xml file you just downloaded and click Submit.<br />
# Edit the newly created service, and change the NameID value to User Name and click Submit.<br />
# Go to Single Sign On > Identity Provider and note down the metadata URL.<br />
# Send an email to support@educationperfect.com asking them to enable SSO and including the following details:<br />
#* The metadata URL from step 5<br />
#* A test student account<br />
#* A test teacher account<br />
#* Confirm that the unique identifier for users is their User Name.<br />
<br />
<br />
[[Category:Single Sign On Services]]</div>Jlshttps://wiki.studentnet.net/index.php?title=EnhanceTV&diff=529EnhanceTV2018-09-10T05:57:12Z<p>Jls: </p>
<hr />
<div># Log in to EnhanceTV with an Admin Account<br />
# Click on '''Manage Account'''<br />
# Click on '''Setup SSO'''<br />
# Under EnhanceTV Service Provider, select Download<br />
# In a separate tab or window, log in to your Cloudwork Dashboard<br />
# Navigate to Single Sign On<br />
# Select '''Add New Service'''<br />
# Select '''Upload an XML File'''<br />
# Enter EnhanceTV for name, and select the XML file you saved earlier. Then click '''Submit'''<br />
# Under '''XML File''', select '''Download'''<br />
# Right click and select '''Save as'''. Save this page as cloudwork.xml<br />
# Go back to the list of Single Sign On services, and select EnhanceTV<br />
# Under '''Attribute Map''' select '''Edit''' and configure the following mappings:<br />
#* Email: urn:oid:0.9.2342.19200300.100.1.3<br />
#* Last Name: urn:oid:2.5.4.4<br />
#* First Name: urn:oid:2.5.4.42<br />
#* Groups: urn:oid:1.2.840.113556.1.2.102<br />
# Go back to EnhanceTV, and select '''Your Identity Provider'''<br />
# Under '''Option 2''', select '''Choose File''' and select the cloudwork.xml file you saved earlier. <br />
<br />
[[Category:Single Sign On Services]]</div>Jlshttps://wiki.studentnet.net/index.php?title=EnhanceTV&diff=527EnhanceTV2018-09-10T00:05:05Z<p>Jls: </p>
<hr />
<div># Log in to EnhanceTV with an Admin Account<br />
# Click on '''Manage Account'''<br />
# Click on '''Setup SSO'''<br />
# Under EnhanceTV Service Provider, select Download<br />
# In a separate tab or window, log in to your Cloudwork Dashboard<br />
# Navigate to Single Sign On<br />
# Select '''Add New Service'''<br />
# Select '''Upload an XML File'''<br />
# Enter EnhanceTV for name, and select the XML file you saved earlier. Then click '''Submit'''<br />
# Under '''XML File''', select '''Download'''<br />
# Go back to the list of Single Sign On services, and select EnhanceTV<br />
# Under '''Attribute Map''' select '''Edit''' and configure the following mappings:<br />
#* Email: urn:oid:0.9.2342.19200300.100.1.3<br />
#* Last Name: urn:oid:2.5.4.4<br />
#* First Name: urn:oid:2.5.4.42<br />
#* Groups: urn:oid:1.2.840.113556.1.2.102<br />
# Right click and select '''Save as'''. Save this page as cloudwork.xml<br />
# Go back to EnhanceTV, and select '''Your Identity Provider'''<br />
# Under '''Option 2''', select '''Choose File''' and select the cloudwork.xml file you saved earlier. <br />
<br />
[[Category:Single Sign On Services]]</div>Jlshttps://wiki.studentnet.net/index.php?title=EnhanceTV&diff=526EnhanceTV2018-09-04T05:48:34Z<p>Jls: Created page with "# Log in to EnhanceTV with an Admin Account # Click on '''Manage Account''' # Click on '''Setup SSO''' # Under EnhanceTV Service Provider, select Download # In a separate tab..."</p>
<hr />
<div># Log in to EnhanceTV with an Admin Account<br />
# Click on '''Manage Account'''<br />
# Click on '''Setup SSO'''<br />
# Under EnhanceTV Service Provider, select Download<br />
# In a separate tab or window, log in to your Cloudwork Dashboard<br />
# Navigate to Single Sign On<br />
# Select '''Add New Service'''<br />
# Select '''Upload an XML File'''<br />
# Enter EnhanceTV for name, and select the XML file you saved earlier. Then click '''Submit'''<br />
# Under '''XML File''', select '''Download'''<br />
# Go back to the list of Single Sign On services, and select EnhanceTV<br />
# Under '''SAML Config''' click '''Edit'''<br />
# Change '''NameID Value''' to '''Email''' and click '''Submit'''<br />
# Under '''Attribute Map''' select '''Edit''' and configure the following mappings:<br />
#* Email: urn:oid:0.9.2342.19200300.100.1.3<br />
#* Last Name: urn:oid:2.5.4.4<br />
#* First Name: urn:oid:2.5.4.42<br />
#* Groups: urn:oid:1.2.840.113556.1.2.102<br />
# Right click and select '''Save as'''. Save this page as cloudwork.xml<br />
# Go back to EnhanceTV, and select '''Your Identity Provider'''<br />
# Under '''Option 2''', select '''Choose File''' and select the cloudwork.xml file you saved earlier. <br />
<br />
[[Category:Single Sign On Services]]</div>Jlshttps://wiki.studentnet.net/index.php?title=Moodle&diff=525Moodle2018-08-13T01:04:04Z<p>Jls: </p>
<hr />
<div>This guide assumes that you have installed the following SAML2 plugin for your Moodle website: https://moodle.org/plugins/auth_saml2<br />
<br />
Before you start, you need your IdP metadata URL.<br />
<br />
Get your metadata URL - Log in to Cloudwork Dashboard -> Single Sign On -> Identity Provider -> Copy the entity ID URL<br />
<br />
# Enable the SAML2 plugin (click the grey crossed-out eye)<br />
# Go to the SAML2 plugin's settings<br />
# Paste the metadata URL into the "IDP metadata xml OR public xml URL" field<br />
# Click on Download SP Metadata<br />
# If you are mapping users on username, change Mapping Idp value to User-Name<br />
# To create accounts automatically on SSO login, change 'Auto create users' to Yes.<br />
# Under Data mapping, update the following settings:<br />
#* Data mapping (First name): givenName<br />
#* Data mapping (Surname): sn<br />
#* Data mapping (Email address): mail<br />
# Click Save changes<br />
# Log in to the Cloudwork Dashboard. Go to Single Sign On -> Add New Service -> Upload an XML File<br />
# Give the new service a name, and select the saved XML file from step 4.<br />
# Open a new browser or incognito window, and test login. You will see a Login via SAML2 button on the login page.<br />
<br />
SSO is now configured and working. You may now wish to configure other settings in the Moodle plugin settings. Settings of interest:<br />
<br />
* IdP label override: Customise the SSO login button text.<br />
* Dual login: By default, allows username/password based logins as well. Change to no to force users to use SSO. The admin login page is still accessible at /login/index.php?saml=off<br />
* Other data mapping fields and settings. This guide limits itself to Cloudwork's default attributes. If you have updated the service's attribute map in Cloudwork to send extra data, you can configure it here.<br />
<br />
<br />
[[Category:Single Sign On Services]]</div>Jlshttps://wiki.studentnet.net/index.php?title=Moodle&diff=524Moodle2018-08-13T01:02:36Z<p>Jls: Created page with "Before you start, you need your IdP metadata url. Get your metadata URL - Log in to Cloudwork Dashboard -> Single Sign On -> Identity Provider -> Copy the entity ID url # En..."</p>
<hr />
<div>Before you start, you need your IdP metadata URL.<br />
<br />
Get your metadata URL - Log in to Cloudwork Dashboard -> Single Sign On -> Identity Provider -> Copy the entity ID URL<br />
<br />
# Enable the SAML2 plugin (click the grey crossed-out eye)<br />
# Go to the SAML2 plugin's settings<br />
# Paste the metadata URL into the "IDP metadata xml OR public xml URL" field<br />
# Click on Download SP Metadata<br />
# If you are mapping users on username, change Mapping Idp value to User-Name<br />
# To create accounts automatically on SSO login, change 'Auto create users' to Yes.<br />
# Under Data mapping, update the following settings:<br />
#* Data mapping (First name): givenName<br />
#* Data mapping (Surname): sn<br />
#* Data mapping (Email address): mail<br />
# Click Save changes<br />
# Log in to the Cloudwork Dashboard. Go to Single Sign On -> Add New Service -> Upload an XML File<br />
# Give the new service a name, and select the saved XML file from step 4.<br />
# Open a new browser or incognito window, and test login. You will see a Login via SAML2 button on the login page.<br />
<br />
SSO is now configured and working. You may now wish to configure other settings in the Moodle plugin settings. Settings of interest:<br />
<br />
* IdP label override: Customise the SSO login button text.<br />
* Dual login: By default, allows username/password based logins as well. Change to no to force users to use SSO. The admin login page is still accessible at /login/index.php?saml=off<br />
* Other data mapping fields and settings. This guide limits itself to Cloudwork's default attributes. If you have updated the service's attribute map in Cloudwork to send extra data, you can configure it here.<br />
<br />
<br />
[[Category:Single Sign On Services]]</div>Jlshttps://wiki.studentnet.net/index.php?title=Main_Page&diff=523Main Page2018-07-25T02:46:26Z<p>Jls: </p>
<hr />
<div>Welcome to the Studentnet Wiki Pages<br />
<br />
These pages provide you with a single place to find out more about Studentnet<br />
products, such as the Cloudwork Dashboard and our Single Sign On services.<br />
Simply click on the links below to look up the specific utilities that interest<br />
you, and access our comprehensive step-by-step guides on how to use them.<br />
<br />
[https://wiki.studentnet.net/index.php?title=Category:Cloudwork_Dashboard Cloudwork Dashboard]<br />
<br />
[https://wiki.studentnet.net/index.php?title=Category:Single_Sign_On_Services Single Sign On Services]</div>Jls