Single Sign-on (SAML 2.0)

The Security Assertion Markup Language (SAML) is an XML-based standard for exchanging authentication and authorization information. SAML was developed by the Security Services Technical Committee of the Organization for the Advancement of Structured Information Standards (OASIS). SAML is designed to allow federated systems with different management systems to interact through simplified sign-on and single sign-on exchanges. A technical overview is available from OASIS.

OASIS cites the following advantages of SAML:

  • SAML abstracts the security framework away from platform architectures and particular vendor implementations, making security more independent of the application logic, which is an important tenet of Service-Oriented Architecture.
  • SAML does not require user information to be maintained and synchronized between directories.
  • SAML enables single sign-on by allowing the user to authenticate at an identity provider and then access service providers without additional authentication. In addition, identity federation (linking of multiple identities) with SAML allows for a better-customized user experience at each service while promoting privacy.
  • Using SAML to “reuse” a single act of authentication (such as logging in with a username and password) multiple times across multiple services can reduce the cost of maintaining account information. This burden is transferred to the identity provider.
  • SAML can act to push responsibility for proper management of identities to the identity provider, which is more often compatible with its business model than that of a service provider.

Here you will find some helpful information on configuring a single sign-on using SAML for your Yodeck account.

Advanced Settings

Group Managed Service Accounts are well suited as identities for services running on multiple hosts: their password management is handled automatically by the domain across all of the hosts that use the account, so there is no administrative overhead for password rotation.

If you intend to configure a federation server farm environment in Active Directory Federation Services (ADFS), you must create and configure a dedicated service account in Active Directory Domain Services (ADDS) where the farm will reside. You then configure each federation server in the farm to use this account. You must complete the following tasks in your Yodeck Account when you want to allow client computers on the corporate network to authenticate to any of the federation servers in an ADFS farm using Windows Integrated Authentication.

  1. Attribute name for NameID: Choose whether to use the default NameID or another Attribute of your choice.
  2. User’s Name: Choose whether to keep the same User Name (Yodeck’s Username, i.e. the email address) or to overwrite the name and set it from your ADFS user details.
  3. Automatically Create Users: Enable this to use ‘Just-in-Time Provisioning’ with SAML, i.e. to automatically create new authorized Users coming in from your Identity Provider.
  4. Use SAML Group Access: Enable this to automatically modify User permissions based on a SAML Group. Use Groups to Permissions Mappings to specify the Permissions that each Group has.
    1. Type a name for your Group.
    2. By clicking the grey button called “Add Group Mapping”, you can create groups that mirror your ADFS groups. The users that join this group will inherit the Group’s Account Permissions and Roles. Each Group can have different Account Permissions.
    3. If you have the Workspace feature, you can also assign different Roles to this Group by clicking the “Add Role” button.

Groups to Permissions Mapping setup wizard
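To make the four settings above concrete, here is an added example (not Yodeck’s code, and not how Yodeck implements these settings internally) that walks a parsed SAML assertion through them: picking the identifier (default NameID or a chosen attribute), optionally overwriting the stored name from the IdP’s details, Just-in-Time creation of unknown users, and the Groups to Permissions Mapping. The assertion, the claim names, the group names and the permission names are all constructed for the example, and it assumes that signature, audience and validity-period checks have already been done before this code runs.

```python
"""Added example: applying the SAML 'Advanced Settings' to an assertion.

Assumptions (not from the Yodeck page): the assertion has already been
signature-validated upstream; the name overwrite takes the IdP's displayname
claim; an unmapped SAML group grants no permissions (default deny).
"""
import xml.etree.ElementTree as ET  # for untrusted XML, prefer defusedxml in production

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (signature element omitted on purpose).
SAMPLE_ASSERTION = """
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed-example" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://adfs.example.test/adfs/services/trust</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.test</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn">
      <saml:AttributeValue>alice@corp.example.test</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/displayname">
      <saml:AttributeValue>Alice Example</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/claims/Group">
      <saml:AttributeValue>Signage-Editors</saml:AttributeValue>
      <saml:AttributeValue>Screens-Viewers</saml:AttributeValue>
      <saml:AttributeValue>Unmapped-Group</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

UPN_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"
DISPLAYNAME_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/displayname"
GROUP_CLAIM = "http://schemas.xmlsoap.org/claims/Group"

# Constructed Groups to Permissions Mapping, as the setup wizard would store it.
GROUP_MAPPING = {
    "Signage-Editors": ["edit_media", "edit_playlists"],
    "Screens-Viewers": ["view_screens"],
}


def parse_assertion(xml_text):
    """Return (NameID, {attribute name: [values]}) from an assertion document."""
    root = ET.fromstring(xml_text)
    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=SAML_NS)
    attrs = {}
    for attr in root.iterfind("saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [v.text for v in attr.iterfind("saml:AttributeValue", SAML_NS) if v.text]
        attrs[attr.get("Name")] = values
    return name_id, attrs


def choose_identifier(name_id, attrs, nameid_attribute=None):
    """Setting 1: use the default NameID, or one single-valued attribute instead."""
    if nameid_attribute is None:
        return name_id
    values = attrs.get(nameid_attribute, [])
    if len(values) != 1:  # an absent or multi-valued identifier is ambiguous: refuse it
        raise ValueError(f"attribute {nameid_attribute!r} must have exactly one value")
    return values[0]


def permissions_for_groups(groups, group_mapping):
    """Setting 4: union of the mapped permissions; unmapped groups grant nothing."""
    perms = set()
    for group in groups:
        perms.update(group_mapping.get(group, ()))
    return perms


def resolve_user(users, identifier, display_name, groups, *,
                 auto_create, overwrite_name, group_mapping):
    """Settings 2-4 against an in-memory user table. Returns the user or None."""
    user = users.get(identifier)
    if user is None:
        if not auto_create:  # setting 3 off: unknown users are rejected, not created
            return None
        user = {"username": identifier, "name": identifier, "permissions": set()}
        users[identifier] = user
    if overwrite_name and display_name:  # setting 2: take the name from the IdP
        user["name"] = display_name
    if group_mapping is not None:  # setting 4 on: permissions follow the SAML groups
        user["permissions"] = permissions_for_groups(groups, group_mapping)
    return user


def login(xml_text, users, *, nameid_attribute=None, auto_create=False,
          overwrite_name=False, group_mapping=None):
    """Run one assertion through all four settings and return the resolved user."""
    name_id, attrs = parse_assertion(xml_text)
    identifier = choose_identifier(name_id, attrs, nameid_attribute)
    display_name = (attrs.get(DISPLAYNAME_CLAIM) or [None])[0]
    return resolve_user(users, identifier, display_name, attrs.get(GROUP_CLAIM, []),
                        auto_create=auto_create, overwrite_name=overwrite_name,
                        group_mapping=group_mapping)


if __name__ == "__main__":
    table = {}
    print(login(SAMPLE_ASSERTION, table, nameid_attribute=UPN_CLAIM, auto_create=True,
                overwrite_name=True, group_mapping=GROUP_MAPPING))
```

Two behaviours are worth noting when mirroring this in a real configuration: with Automatically Create Users off, an assertion for an unknown user is rejected rather than provisioned, and with Use SAML Group Access on, the user’s permissions are replaced by whatever the current group membership maps to, so a group that is not in the mapping contributes nothing.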