C-2-E SAML SSO

Summary

Overview

Refined tags

PDF download

 

Summary


The Connect-2-Everything landing page by Refined Data allows Adobe Connect account holders to present a registration form for access to meeting rooms as a landing page.

 

The Connect-2-Everything Security Assertion Markup Language (SAML, pronounced sam-el) Single Sign On (SSO) provides the authentication and authorization between a client’s identity provider (or other identity providers) and Refined Data’s service provider.

 

The Connect-2-Everything SAML adds additional functionality in the form of additional SSO options to the landing page provided to users before accessing an Adobe Connect meeting room. When in use, the SAML SSO processes three scenarios:

  • If the user does not exist in Adobe Connect, the system will create the user and add the user to the correct group for access to the designated Adobe Connect meeting room.
  • If the user already exists in Adobe Connect, created previously via API call, the SAML SSO updates the password and grants access to the meeting room.
  • If the user was created manually in Adobe Connect, the system will ask for a password and then grant access to the Adobe Connect meeting room.

When the integration with the client’s identity provider is completed, any Adobe Connect meeting room URL can be added to the landing page URL to direct the user to fill in the meeting access form or use the SSO to enter the meeting room. 

  • URL: http://CLIENT.connect2everything.refineddata.com/lp/form/ROOM (Full path) This URL is used when SAML is enabled or disabled.
  • URL http://CLIENT.connect2everything.refineddata.com/ROOM (Short path) This URL can only be used if SAML is disabled.

Overview


The landing page form is oriented with the title and description of the meeting room at the top of the page. The title and description is populated with the information provided for that meeting room in Adobe Connect. The header and footer can be customized to match each client’s website and the landing page is responsive.

HTML is allowed in the description.

  • If the description provided is not done in HTML (but via a WYSIWYG editor), the system will make the conversion to HTML automatically.
  • If the description includes certain HTML , the system will assume the description input contains HTML and will not make any assumptions to add any additional HTML.

 

 

The left side of the form retains the original access option, via Enter as a guest fields.

The fields for the guest form can be set per client in the database with the ability to make certain fields mandatory or not. The process of filling in the guest form will create an authenticated user. Users do not have the ability to enter their Adobe Connect login credentials to access the meeting room.

 

If the user does not enter their email address, and selects enter meeting, an error message (“Could not create user, require either login or email and neither was provided”) will display directing the user to provide their credentials.

 

The right side of the form adds additional SSO options when enabled.

 

NOTE: If the SAML SSO is disabled, only the guest form will appear to the user.

SSO options:

  • Sign in with Google
  • Sign in with LinkedIn
  • Sign in with Facebook
  • Sign in with Twitter
  • Sign in with Refined Data (Or sign in with [[client identity provider]])

The client identity provider or corporate provider is custom to each client with the ability to customize the SSO button to the client’s branding. This is set in the database for each corporate account.

The first time a user accesses an Adobe Connect meeting room via the SAML SSO options, the user will be redirected to a third-party authorization login page. The user must grant permission to sign in with the account of their choosing. After authentication, the user is redirected back to the Connect-2-Everything landing page and the Adobe Connect meeting room is automatically launched.

 

EXAMPLE: A user chooses to sign in with their Google account and the Google account will request the user’s permission for the Refined Data system to gather information about the user.  

 

1) Know who you are on Google

2) View your email address

3) View your basic profile info

 

Once accepted, the user is redirected to the meeting room.

Once this first time verification is complete, the next time a user chooses to access an Adobe Connect meeting room via the SAML SSO, the user will be directly placed into the meeting room.

 

To change authentication naming, the client can create their own Google account and update the heading on the authentication page. Learn more here.

 

Users with Adobe Connect administrator or host accounts can access Adobe Connect Central via the SSO using the URL http://CLIENT.connect2everything.refineddata.com with no meeting information in the URL. These accounts are logged in with the client’s identity provider.

 

When accounts are created in the SAML SSO process, whatever identity information is passed from the identity provider becomes the username. Therefore, users who continue to use their account on Adobe Connect for administrative purposes (administrator and host accounts), may need to have their login credentials updated. There is also the option to configure the system to not update administrator and host account passwords so those users can continue to log in directly to Adobe Connect.

 

If the identity provider provides username credentials that are different than the user’s email, the Adobe Connect account will need to disable email as username so the SSO can match credentials.

 

Refined Tags 


Refined Data has created a series of Refined Tags that can be used in conjunction with the SAML SSO, when enabled, to modify the functions of the landing page.

 

Tags are added in the meeting description in Adobe Connect under the “edit information” tab of a meeting. The system removes the tags before they are displayed allowing the tags to be placed anywhere in the description and effectively applying the tags, but not displaying them.

 

[[early=redirectURL,minutes]] - Provide a number of minutes in this tag, and if the user is early to the meeting by that specified number of minutes or earlier, the user is redirected to the redirect URL provided. The redirectURL must be a full URL that includes “http(s)://”. If this tag is not included, the system will perform whatever function it normally performs when a user is early.

 

[[late=redirectURL,minutes]] - Provide a number of minutes in this tag, and if the user is late to the meeting by that specified number of minutes, the user is redirected to the redirect URL provided. The redirectURL must be a full URL that includes “http(s)://”. If this tag is not included, the system will perform whatever function it normally performs when a user is late.

 

NOTE: Each client database has a setting accessible by administrators in administration settings for whether the system should checks times. The above tags only apply if that setting is switched to on. If the setting is off, the the system assumes that the user should have direct access to the meeting room.

 

[[allowarchive=true,days]] - Provide a number of days that specifies, if a user is late to a meeting, but within the provided number of days, a message is displayed notifying the user they are late. If the user is late to the meeting outside of the specified number of days , the system will check for an archive of the meeting and direct the user to the archive or recording of the meeting. If there are multiple recordings available, the system will refer the user to the most recent recording.

 

A day is defined as 24 hours and the tag only accepts day calculations (hours or minutes are not allowed. However, .5 could be entered as a ½ day value). The tag can also be displayed [[allowarchive=false,days]] which is the equivalent to not using the tag.

 

[[domain=domain1,domain2...]] - Provide a list of domains separated by a comma and the system will only allow users access to the meeting room if their domain matches the list of designated domains.  This tag only applies to the email field in the guest form. The tag does not notify the user which domains are approved.

 

[[denyguests=true]] / [[allowguests=true]] - There is a default setting for each client specifying whether guests are allowed or not allowed within meeting rooms. These tags are used to reverse that system default. If these tags are not present, then the system will default to the system setting.

 

[[private=true]] - Use this tag to deny access to a meeting room unless a user is specifically added to the Adobe Connect group allowing access to the meeting room. Standard practice dictates that without the use of this tag, users are created (if they don’t exist) and added to the meeting room group. If the tag is applied, then users not in the group are not allowed to access the meeting room.

 

If a user has the meeting room URL, but is not specifically added to the associated group, (and the tag is applied), the user is added to Adobe Connect, but not the group and is prevented from accessing the meeting room.

 

[[theme=lookandfeel1]] - If a client has more than one theme available, the theme defined among meeting rooms can be set using this tab. The meeting room’s URL would display the selected theme designated in the tag. Refined Data creates the theme in the client’s database.

 

[[forcebrowser=true]] - If this tag is added, the meeting room URL will add the suffix launcher=false, forcing the meeting room to launch in a browser. This tag overrides any individual user’s use of the add-in.

 

[[denyauth=google, linkedin, …]] / [[allowauth=google, linkedin, …]] - On a per meeting basis, specify the allowed SSO options for authentication by listing them in the tag separated by commas.

PDF download

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.