Single-Sign-On, or SSO, allows student, faculty and administrative users at your school to log into Osmosis using their school credentials. You can learn more about how SSO works here. Osmosis supports SSO through the SAML 2.0 protocol. Here is a list of SAML-based products and services, one or more of which may be used at your school.
Osmosis (the Service Provider or SP) requires the school (the Identity Provider or IDP) to pass either the student email or a unique identifier (sent as subject-id) as an attribute as part of the SSO implementation. This is an IDP-initiated SSO process.
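A pre-flight check a school's IDP administrator could run on a decoded test assertion before the test login, as an added example that is not Osmosis code: it confirms that an email or subject-id attribute is actually released with a single usable value. The attribute names in `KINDS` and the sample assertion are assumptions; confirm the exact names Osmosis expects.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumed attribute names; confirm the exact names Osmosis expects.
KINDS = {
    "subject-id": "subject-id",
    "urn:oasis:names:tc:SAML:attribute:subject-id": "subject-id",
    "urn:oid:0.9.2342.19200300.100.1.3": "email",  # LDAP mail
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress": "email",
    "mail": "email",
    "email": "email",
}

def identity_attributes(assertion_xml):
    """Return {"email": ..., "subject-id": ...} for the identifiers present.

    Raises ValueError if neither is released or one is empty/multi-valued.
    Pre-flight check only: it does not verify the assertion signature.
    """
    root = ET.fromstring(assertion_xml)
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        kind = KINDS.get(attr.get("Name", ""))
        if kind is None:
            continue  # unrelated attribute, e.g. displayName
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", NS)]
        values = [v for v in values if v]
        if len(values) != 1:
            raise ValueError(f"{kind}: expected exactly one value, got {len(values)}")
        if kind == "email" and values[0].count("@") != 1:
            raise ValueError(f"email: {values[0]!r} is not an address")
        found[kind] = values[0]
    if not found:
        raise ValueError("assertion releases neither email nor subject-id")
    return found

# Constructed sample (not captured from a real IDP).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" Version="2.0">
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3">
      <saml:AttributeValue>test.student@school.example</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="displayName">
      <saml:AttributeValue>Test Student</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    print(identity_attributes(SAMPLE))
```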
Basic process for implementing SSO with Osmosis for your school:
- Partner School shares their FederationMetadata.xml file with Osmosis.
- Osmosis shares their FederationMetadata.xml file with the school.
- Osmosis creates a test account in the Osmosis DB.
- School uses that same account to log into Osmosis using the new SSO endpoint.
- School approves eligible users in the school's active directory.
- Osmosis implements SSO on the production site and redirects eligible School users from osmosis.org to the school portal for authentication: