Overview
To increase adoption and provide a seamless experience, Deem provides single sign-on (SSO) capabilities for enterprise services, employing a wide variety of industry open standards. Through the use of SAML 2.0, an enterprise can provide seamless access for its employees without any additional user authentication, and without requiring users to remember new passwords.
For users, SSO is all about experience: fewer passwords to manage, and fewer barriers to getting their job done. Enterprise employees can automatically be provisioned and authenticated, becoming immediately productive with Deem services in a completely transparent manner. For an enterprise, SSO translates into higher adoption rates, tighter security, fewer help-desk calls, and enhanced return on existing technology investments.
By integrating Deem enterprise services with enterprise identity stores, it is also possible to include user provisioning information in the SAML single sign-on token. This allows a single process flow from the corporate Identity Provider into Deem, eliminating the need for a separate provisioning process. If the user does not already exist in the Deem system, or if there is updated information about the user, the SAML assertions may contain provisioning information, allowing for automated, simultaneous update or pre-population of the user's profile when they log in.
Required profile attributes
The following case-sensitive attributes are required when sending a provisioning request:
externalID: This is a unique identifier for the user that correlates to the enterprise's system. This is typically an employee number, or some other unique identifier that will not change over time.
userName: This is another unique identifier for the user. Specifically, this will be the username that appears in the user interface for Deem services, and would be used for logging in, if SSO was not enabled.
email: The user's email address. This must be unique within your company.
firstName: The user's first name.
lastName: The user's last name.
Optional profile attributes
The following case-sensitive attributes may optionally be sent along with the required attributes:
|
|
Additional profile attributes are employeeType, departmentCode, misField1, misField2, misField3, misField4, misField5, and misField6.
TMC Check list:
Provides steps to take with regards to SSO, both Desktop and Mobile
0 Comments