Want some help?
Need help planning an integration with SaaS or other vendor software? Want a partner by your side to discuss single sign-on (SSO) with your vendor? Submit a request for an SSO consultation. Our simple request form collects your initial goals and opens a ticket for you in UW Connect. We’ll review the information and help you develop your approach to integrating SSO.
- Define your high-level goals. Who are your users? Do all they all have UW NetIDs? How sensitive is your data? What is your policy for access? These are key questions to answer as you plan your integration—not only for SSO but for enabling and securing access in general.
- Submit a request for an SSO consultation (above; optional). Contacting us earlier in your project is better. We can review your goals and help you develop your approach to integrating SSO. Generally, we’ll assign an IAM Specialist to assist you with the integration, but you will remain in control of the vendor relationship and related technical configuration.
- Procure your product. During the procurement phase of your project, ensure potential vendors know you plan to integrate SSO. Ask them if they support SAML 2.0. If they provide services to large enterprises and/or other customers in the research and education community, they’ll be familiar with SAML 2.0. It is a well-known technical standard for SSO.
- Obtain vendor documentation for SSO. Ask your vendor to share information on how they enable customers to integrate SSO. In particular, ask for their technical guide or documentation on using SAML 2.0. The remaining steps assume they support SAML 2.0.
- Register the service with the UW Identity Provider. Our documentation on using SAML 2.0 for SSO describes how to register a service provider with the UW Identity Provider. The vendor’s guide for SSO integration will describe what registration information you need to configure in the UW Identity Provider, and our SAML 2.0 for SSO documentation describes how to use self-service registration to do the configuration.
- Register the UW Identity Provider with the vendor product. Now follow the vendor’s guide to register the UW Identity Provider with their product. As with the previous step, you can refer the vendor to our documentation on using SAML 2.0 for SSO. It describes how to configure a service to rely on the UW Identity Provider.
- Request user attributes required to provide the service. Once the service is registered with the UW Identity Provider, you can request the release of appropriate user identifiers and attributes. Follow the vendor’s guide to determine what identifier(s) are required by the product to uniquely identify users. The UW Identity Provider supports several standard identifiers based on UW NetID. If the product also requires other user attributes (e.g. name, email, affiliations, group memberships), you can request them too. As the owner of the business relationship with the vendor, you’ll need to consider what user attributes are required to provide the service and how the released attributes will be protected by the vendor. If you requested an SSO consultation, we can help you obtain the necessary approvals or authorizations needed to release identifiers and user attributes to third-party vendors. Refer to IT Vendor Risk Management (Office of the CISO) and Privacy by Design (UW Privacy Office) for guidance on vendor risk and sharing data with third parties.
- Finalize your configuration. At this point, you can test your configuration to ensure the service works as planned. Refer to our documentation on using SAML 2.0 for SSO for other topics related testing. Before you finalize your configuration, please verify that email contact information for the service has been provided in the registration of the service. The email contact information is critical to operations; we will notify the registered email contacts about significant changes to the UW Identity Provider.
- Close our consultation. Once your SSO integration is ready for production, we’ll close our consultation (if one was requested). If significant issues or concerns arise during the integration, we’ll summarize them and their impacts so that you and your vendor understand what improvements should be made if the vendor relationship is going to last.