Setting up Single Sign-On (SSO)

Configure your department to use the University's central Username & Password to access ARMS

Written by Austin Glass
Updated over a week ago

Download Setup Instructions: ARMS_SSO_Setup.pdf

ARMS provides Single Sign-On (SSO) capabilities through integration with university systems via the Shibboleth system. Shibboleth is a web-based technology that implements the HTTP/POST, artifact, and attribute push profiles of SAML, including both Identity Provider (IdP) and Service Provider (SP) components. While ARMS uses Shibboleth as its Service Provider (SP), ARMS can support SSO via a SAML integration with a number of providers. This includes, but is not limited to: Shibboleth, Okta, and Microsoft AD/Azure.

Setting up SSO is straightforward and can be completed by your IT group with the following steps. Please note that we prefer to do the initial configuration and testing in our testing environment.

1. Your IT group will load ARMS's information into your "IdP"

ARMS public key for testing is located at https://clients.armssoftware.com/sso/sp-metadata.staging.xml.
ARMS public key for production is located at https://clients.armssoftware.com/sso/sp-metadata.xml.

2. Your IT group will need to provide answers to the following questions:

A. Where can we obtain the metadata for your production IdP? (e.g., https://shib.university.edu/idp/shibboleth)

B. Do you have a logout endpoint that ARMS should redirect to when a user logs out of ARMS, for any cleanup tasks that need to occur on your end during logout? If so, what is the URL?

C. Do you have a preferred attribute (e.g., eduPersonPrincipalName, email) that you would like to send from your IdP that we can use to identify the user? Note: ARMS prefers to use the eduPersonPrincipalName attribute but can work with your IT group if they prefer an alternative. The only requirement is that the attribute be fully scoped, which means the value sent over will include your domain name (e.g., username@university.edu).

D. Do you have a test user account we can use to attempt authentication? What are the credentials?

3. ARMS will set everything up to point to your university's login page.

4. Initial testing will be completed by ARMS using the test account provided. After testing, ARMS will provide you with a link to confirm the SSO login process is working as expected. If there are any issues, then ARMS will work with your IT group to determine why the integration is not working.

5. Once SSO integration has been verified, the following steps will be completed:

A. ARMS will work with you to confirm that all staff and student-athletes are properly set up in ARMS with their University username.

B. You can optionally send an email to users telling them that they should now select the "Do you access ARMS with your school's central login?" link on the login page.

C. If a user attempts to log in with their old ARMS direct login, they will be prompted to select their school and log in with your school credentials. This step in particular makes the transition pretty seamless.
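
The "fully scoped" requirement from step 2C can be checked by your IT group during the testing in step 4. The following is an added example, not ARMS's own code: it reads a decoded SAML AttributeStatement and confirms that the identifier attribute carries exactly one value scoped to the expected domain. The sample XML, the function name `scoped_identifier`, and the assumption that eduPersonPrincipalName is released under its standard OID or plain name are all illustrative.

```python
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
# Assumption: the IdP releases eduPersonPrincipalName under its standard
# SAML 2.0 OID name or under the plain attribute name.
EPPN_NAMES = {"urn:oid:1.3.6.1.4.1.5923.1.1.1.6", "eduPersonPrincipalName"}

# Constructed sample (not captured from a real IdP).
SAMPLE = """\
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
                  FriendlyName="eduPersonPrincipalName">
    <saml:AttributeValue>jdoe@university.edu</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
"""


def scoped_identifier(statement_xml, expected_scope, names=EPPN_NAMES):
    """Return the user identifier if it is fully scoped to expected_scope.

    Diagnostic only: run it on an assertion whose signature the SP has
    already validated; it performs no signature check itself.
    """
    root = ET.fromstring(statement_xml)
    values = [
        (value.text or "").strip()
        for attr in root.iter(SAML + "Attribute")
        if attr.get("Name") in names
        for value in attr.iter(SAML + "AttributeValue")
    ]
    # A missing or multi-valued identifier cannot map to one account.
    if len(values) != 1:
        raise ValueError(f"expected exactly one identifier value, got {len(values)}")
    local, sep, scope = values[0].rpartition("@")
    if not sep or not local or not scope:
        raise ValueError(f"{values[0]!r} is not scoped (no @domain part)")
    # DNS names are case-insensitive, so compare scopes case-insensitively.
    if scope.lower() != expected_scope.lower():
        raise ValueError(f"scope {scope!r} does not match {expected_scope!r}")
    return values[0]


if __name__ == "__main__":
    print(scoped_identifier(SAMPLE, "university.edu"))
```

If your IdP sends a different identifier (for example email), pass its attribute Name through the `names` argument.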
