View file | ||
---|---|---|
| ||
View file | ||
|
To download above documents:
...
Click on desired document
...
Click on cloud symbol in the upper right-hand corner of your screen, this will allow you to download, save and/or print
...
On this page:
Table of Contents | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Overview
To increase adoption and provide a seamless experience, Deem provides single sign - on (SSO) capabilities for enterprise services, employing a wide variety of industry open standards. Through the use of SAML 2.0, an enterprise can provide seamless access for its employees without any additional user authentication, and without requiring users to remember new passwords.
For users, SSO is all about experience: fewer passwords to manage , and fewer barriers to getting their job done. Enterprise employees can automatically be provisioned and authenticated, becoming immediately productive with Deem services in a completely transparent manner. For an enterprise, SSO translates into higher adoption rates, tighter security, fewer help-desk calls, and enhanced return on existing technology investments.
By integrating Deem enterprise services with enterprise identity stores, it is also possible to include user provisioning information in the SAML single sign-on token. This allows a single process flow from the corporate Identity Provider into Deem, eliminating the need for a separate provisioning process. If the user does not already exist in the Deem system, or if there is updated information about the user, the SAML assertions may contain provisioning information, allowing for automated, simultaneous update or pre-population of the user's profile when they log in.
Table of Contents | ||||
---|---|---|---|---|
|
Required profile attributes
The following case-sensitive attributes are required when sending a provisioning request:
externalID: This is a unique identifier for the user that correlates to the enterprise's system. This is typically an employee number , or some other unique identifier that will not change over time.
userName: This is another unique identifier for the user. Specifically, this will be the username that appears in the user interface for Deem services, and would be used for logging in, if SSO was not enabled.
email: The user's email address. This must be unique within your company.
firstName: The user's first name.
lastName: The user's last name.
Optional profile attributes
The following case-sensitive attributes may optionally be sent along with the required attributes:
|
|
Additional profile attributes are employeeType, departmentCode, misField1, misField2, misField3, misField4, misField5, and misField6.
Steps to set up SSO
...
TMC email Channel Sales Manager requesting SSO
Provide if SSO is for
Desktop and Mobile
Only Desktop
Client Contact
Channel Sales Director will provide TMC
...
SOW
...
Submit a Statement of Work (SOW).
Please have the Single Sign on Integration form completed.
Please click link for Single Sign On Integration Form.
TMC will then need to have
...
forms completed before integration can be completed
...
SingleSignOn-Integration-Deem-Form:
Provide to client so they have a chance to prepare for integration with Deem (See attached)
Customer Experience with SSO and Deem mobile:
...
.
...