
The integration can be broadly broken down into the following steps, which are described in a generic way. We do not attempt to discuss IdP vendor-specific implementation details in this article, but our main documentation does contain other articles related to non-Third Light software.

1) If you are an IT team member, please ask a member of the team that runs your Chorus system to create a 'Chorus Site Administrator' account for you. They can do this from their Admin > Users > Create New user page. They should set up the account with 'Administrate Site' abilities.

Please note that Third Light do not maintain or manage user accounts on behalf of our customers.

2) Starting from the Chorus SAML2 Configuration Screen, supply Chorus with the metadata URL from your Identity Provider (IdP), or paste the metadata manually. Supplying the URL is preferred.

Admin > Site > SAML2

3) Once the IdP metadata has been supplied to Chorus, Chorus will then display a number of Service Provider (SP) properties which can then be used to configure your IdP. Please note that you may need to contact the support department of your IdP for advice in configuring their product.

4) At this point the SSO login button should be available on the front page of your Chorus site. Clicking it should take you to the login page of your IdP. The configuration is now partly complete, but you must still configure your IdP to pass various pieces of information about user accounts to Chorus.

5) Look in your IdP's configuration screens for pages that allow you to set up 'attributes'. Microsoft may refer to these as 'claims'.

| Requirement | Attribute | Schema | Notes |
| --- | --- | --- | --- |
| Mandatory | Persistent format NameID | N/A - specific to the IdP | This value must never change. It is used to identify the user. Duplicate accounts will appear if this value changes. |
| Mandatory | Email | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | |
| Strongly Encouraged | Name | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | |
| Strongly Encouraged | Username | http://schemas.xmlsoap.org/claims/CommonName | |
| Useful | Groups | http://schemas.xmlsoap.org/claims/Group | Groups can be mapped to Chorus spaces |
| Helpful | Description | http://schemas.microsoft.com/ws/2008/06/identity/claims/role | e.g. User job title |

Please be aware that IdP implementations by different vendors may use different terminology to describe the above. This table states what Chorus uses and what must be sent from the IdP. You may need to contact the support department of your IdP if you are unsure how to configure the attributes within the IdP.

6) After setting up the attributes, try a login to Chorus with a test account. Ensure that the fields above are populated by inspecting the properties of the newly created account in Chorus:

Admin > Users > Search for username > Edit 
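
If the test account's fields come through empty, it helps to check a decoded assertion from the test login against the attribute table in step 5. The following is an added example, not Third Light code: the function name `check_assertion` and the sample assertion are constructed for illustration, and it checks the NameID format and attribute presence only (no signature validation).

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"

# (requirement, label, attribute Name) taken from the table on this page
EXPECTED = [
    ("Mandatory", "Email", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"),
    ("Strongly Encouraged", "Name", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"),
    ("Strongly Encouraged", "Username", "http://schemas.xmlsoap.org/claims/CommonName"),
    ("Useful", "Groups", "http://schemas.xmlsoap.org/claims/Group"),
    ("Helpful", "Description", "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"),
]

# Constructed sample assertion (not real IdP output); Username and Description are omitted.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">a1b2c3-constructed</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml:AttributeValue>test.user@example.org</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
      <saml:AttributeValue>Test User</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/claims/Group">
      <saml:AttributeValue>Marketing</saml:AttributeValue><saml:AttributeValue>Design</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def check_assertion(xml_text):
    """Return (errors, warnings) for one decoded SAML assertion or response."""
    root = ET.fromstring(xml_text)  # use defusedxml for XML you did not create yourself
    errors, warnings = [], []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        errors.append("NameID missing or empty")
    elif name_id.get("Format") != PERSISTENT:
        errors.append("NameID Format is %r, expected persistent" % name_id.get("Format"))
    values = {}  # attribute Name -> list of non-empty values
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        vals = [v.text.strip() for v in attr.findall("saml:AttributeValue", NS) if v.text and v.text.strip()]
        values.setdefault(attr.get("Name"), []).extend(vals)
    for requirement, label, name in EXPECTED:
        if not values.get(name):
            (errors if requirement == "Mandatory" else warnings).append(
                "%s attribute %s (%s) not sent" % (requirement, label, name))
    return errors, warnings

if __name__ == "__main__":
    print(check_assertion(SAMPLE))
```

Anything reported as an error corresponds to a 'Mandatory' row in the table; warnings correspond to the optional rows and explain fields that stay blank on the Chorus account.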
