
For most implementations, single sign-on is not necessary because CloudCard's secure login links provide excellent security with the least possible user friction, which increases user adoption.  However, there are many use cases for which SSO improves the user experience.

For our A+ customers, CloudCard can deploy an SSO Connector in our Cloud for SAML2 identity providers, including CAS, Shibboleth, and ADFS.

Process:

  1. Install the metadata for our test SSO connector on your IdP.
  2. Create a test login account for CloudCard Support.
  3. Securely communicate the following to CloudCard Support:
    1. authentication credentials for the test login account
    2. the SAML attribute mapping for
      1. email address
      2. ID number*
      3. any custom fields if you want to provision or update users via SSO
  4. CloudCard will configure the test SSO connector.
  5. If applicable, CloudCard will request the creation of the CNAME record that will point to the production SSO connector.
  6. CloudCard will deploy your production SSO connector.
  7. Install the production metadata in your production IdP.
  8. CloudCard will conduct final testing and configuration.
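
A pre-flight check for the attribute mapping in step 3, added here as an example and not CloudCard's code: it reads the AttributeStatement of an assertion captured from your test login and confirms each mapped attribute is released exactly once. The field names, the attribute names in `MAPPING`, and the sample assertion are constructed assumptions; substitute what your IdP actually releases.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Assumed mapping: field name (hypothetical) -> SAML attribute Name on the IdP.
MAPPING = {
    "email": "urn:oid:0.9.2342.19200300.100.1.3",    # mail
    "idNumber": "urn:oid:2.16.840.1.113730.3.1.3",   # employeeNumber
    "campus": "campus",                              # optional custom field
}
REQUIRED = ("email", "idNumber")

# Constructed sample: the attribute portion of a test-account assertion.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3">
      <saml:AttributeValue>test.user@example.edu</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="urn:oid:2.16.840.1.113730.3.1.3">
      <saml:AttributeValue>900123456</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def released_attributes(assertion_xml):
    """Return {attribute Name: [non-empty values]} from an assertion.
    Inspection only: no signature is verified, so never use this to log anyone in."""
    root = ET.fromstring(assertion_xml)
    released = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text.strip() for v in attr.iterfind("saml:AttributeValue", NS)
                  if v.text and v.text.strip()]
        released.setdefault(attr.get("Name"), []).extend(values)
    return released

def check_mapping(assertion_xml, mapping=MAPPING, required=REQUIRED):
    """Return (fields, problems): resolved single values plus mapping errors."""
    released = released_attributes(assertion_xml)
    fields, problems = {}, []
    for field, saml_name in mapping.items():
        values = released.get(saml_name, [])
        if len(values) == 1:
            fields[field] = values[0]
        elif len(values) > 1:
            problems.append(f"{field}: {len(values)} values for {saml_name}, expected 1")
        elif field in required:
            problems.append(f"{field}: attribute {saml_name} not released")
    return fields, problems

if __name__ == "__main__":
    print(check_mapping(SAMPLE_ASSERTION))
```
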

Simplified SSO Integration Diagram

DIY SSO:

Because CloudCard uses a stateless, token-based authentication protocol, implementing SSO on premises is relatively trivial.  For an example, check out the cloudcard-auth-csharp GitHub project. This command-line project demonstrates how to consume the necessary API endpoints to retrieve auto-login links on a secured web page, so authenticated users on your site will automatically be logged into Online Photo Submission when they click the login link.  This project also demonstrates how to create/update users if necessary.
