Configuring SSO service provider for Education clients
What we need: Please send the following to the new client and copy in alex.rayfield@thomsonreuters.com
- START -
User access to the Reuters Screenocean platform can be set up to link to your existing Single Sign On for better security and management of users.
User identity can be verified either through an existing third-party Single Sign On identity provision system that you are affiliated with (UK Federation or Edugate) or, alternatively, by us connecting directly to your own identity provision system.
Please let us know which method you would prefer and then provide the required details so we can get you set up.
Identity Provision via third party providers UK Federation or Edugate:
- Please provide entityID of your organisation as listed within the identity provider.
For example: https://shibboleth.aber.ac.uk/shibboleth
(If the entityID is not known, please inform us whether you are on UK Federation or Edugate and we can look it up.)
Identity Provision via direct connection to a university's IdP (identity provision):
- Please apply the following metadata file/link to your identity system: https://reuters.screenocean.com/ssoserviceprovider/metadata
- Please then return to us your own identity metadata XML/link making sure to include the following two attributes as they are required for the SSO to work:
urn:oid:1.3.6.1.4.1.5923.1.1.1.10 (eduPersonTargetedID) - This attribute must be a unique ID (i.e. this is a user ID). This is a required attribute.
urn:oid:0.9.2342.19200300.100.1.3 (user.mail) - This will import the user's email address, pre-populating their registration form on the user's first visit to the site. The user can opt to use a different email address.
Once either of the above has been received we will proceed with the setup and contact you when we are ready for testing and to walk you through the next steps of the setup.
- END -
Identity Provision via third party providers UK Federation or Edugate:
What to request from university/client:
- ○ EntityID of their organisation as listed within the preferred identity provider.
- Provided the university/client is registered with either federation listed below we can connect using an existing connection setup on Reuters Screenocean. Please check if they are listed in the following links:
- ○ UK Federation: https://www.ukfederation.org.uk/content/Documents/IdPInfoList
- ○ Edugate (Ireland): https://edugate.heanet.ie/rr3/metadatalocations
- From the list find the Organisation Name that corresponds with the university/client and copy the EntityID.
For example for Aberystwyth University the entityID is: https://shibboleth.aber.ac.uk/shibboleth
- Next create a new organisation within the Reuters platform:
- ○ Admin → Manage Users / Groups → Manage Organisations → Create Organisation
- ○ Enter Name of organisation as you wish it to appear on the login page.
- ○ Enter a contact email address, either the client tech contact or an Imagen/Screenocean contact.
- ○ Login Settings:
- ▪ Login Type = Federated Single sign-on
- ▪ Federation = UK Federation or Edugate Federation (Ireland)
- ▪ IdP Entity ID = The organisation ID you copied from the federation pages (e.g: https://shibboleth.aber.ac.uk/shibboleth)
- ▪ Click Save
- Make sure the new organisation is enabled in the Organisation list.
- In a different browser / incognito window go to the login page and click the new organisation. This should take you through to the branded university/client login page.
- Please ask a contact at the university/client to try logging in to the platform and to provide information on any error messages they encounter.
- If the setup is successful they will be routed to the registration page where they will be asked to complete the remaining user account information.
- If issues are present, a ticket will need to be raised with Imagen Support (Imagen.Support@thomsonreuters.com); please also copy in alex.rayfield@thomsonreuters.com
Identity Provision via direct connection to a university's IdP (identity provision):
What to request from university/client:
- ○ Their IdP metadata XML containing the required attributes (after we have sent them ours).
- Send this link to the university/client; they will use it to add Reuters Screenocean to their identity system:
- 2) The university/client then also sends us an XML metadata file/link in return. Please request that they include the following two attributes as they are required for the SSO to work:
urn:oid:1.3.6.1.4.1.5923.1.1.1.10 (eduPersonTargetedID) - This attribute must be a unique ID (i.e. this is a user ID). This is a required attribute.
urn:oid:0.9.2342.19200300.100.1.3 (user.mail) - This will import the user's email address, pre-populating their registration form on the user's first visit to the site. The user can opt to use a different email address.
- Next create a new organisation within the Reuters platform:
- ○ Admin → Manage Users / Groups → Manage Organisations → Create Organisation
- ○ Enter Name of organisation as you wish it to appear on the login page.
- ○ Enter a contact email address, either the client tech contact or an Imagen/Screenocean contact.
- ○ Login Settings:
- ▪ Login Type = Single sign-on
- ▪ IdP Metadata XML = Paste here the metadata XML data provided by the university/client and save.
- ▪ Once done it should look something like this:
- ▪ Click Save
- Make sure the new organisation is enabled in the Organisation list.
- In a different browser / incognito window go to the login page and click the new organisation. This should take you through to the branded university/client login page.
- Please ask a contact at the university/client to try logging in to the platform and to provide information on any error messages they encounter.
- If the setup is successful they will be routed to the registration page where they will be asked to complete the remaining user account information.
- If issues are present, a ticket will need to be raised with Imagen Support (Imagen.Support@thomsonreuters.com); please also copy in alex.rayfield@thomsonreuters.com
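
A pre-check for the "IdP Metadata XML" step above, as an added example (not part of the original procedure or the platform's own code): it parses the XML the university/client returns and reports a missing entityID, missing declarations of the two required attribute OIDs, a missing signing certificate or a non-HTTPS sign-on endpoint before anything is pasted into the organisation settings. It assumes the IdP declares its attributes as saml:Attribute elements under IDPSSODescriptor; the function names and the idp.example.ac.uk sample are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# The two attributes this page requires, with the labels it uses.
REQUIRED = {"urn:oid:1.3.6.1.4.1.5923.1.1.1.10": "eduPersonTargetedID",
            "urn:oid:0.9.2342.19200300.100.1.3": "user.mail"}

def check_idp_metadata(xml_text):
    """Return (entityID, problems) for a single IdP EntityDescriptor."""
    # SAML metadata never needs a DTD, so refuse it instead of expanding entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return None, ["DOCTYPE/ENTITY declaration present, not parsed"]
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        return None, ["root element is not md:EntityDescriptor"]
    entity_id, problems = root.get("entityID"), []
    if not entity_id:
        problems.append("entityID missing")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return entity_id, problems + ["no IDPSSODescriptor (not IdP metadata)"]
    declared = {a.get("Name") for a in idp.findall("saml:Attribute", NS)}
    for oid, label in REQUIRED.items():
        if oid not in declared:
            problems.append("attribute not declared: %s (%s)" % (oid, label))
    # A KeyDescriptor without use="encryption" can carry the signing certificate.
    keys = [k for k in idp.findall("md:KeyDescriptor", NS) if k.get("use") != "encryption"]
    if not any((c.text or "").strip() for k in keys for c in k.iterfind(".//ds:X509Certificate", NS)):
        problems.append("no signing certificate")
    endpoints = idp.findall("md:SingleSignOnService", NS)
    if not endpoints:
        problems.append("no SingleSignOnService endpoint")
    for sso in endpoints:
        if not (sso.get("Location") or "").startswith("https://"):
            problems.append("SingleSignOnService is not https: %s" % sso.get("Location"))
    return entity_id, problems

def sample_metadata(attr_oids, sso="https://idp.example.ac.uk/sso"):
    """Constructed sample: hypothetical IdP with a placeholder certificate."""
    attrs = "".join('<saml:Attribute Name="%s"/>' % o for o in attr_oids)
    return ('<md:EntityDescriptor xmlns:md="{md}" xmlns:saml="{saml}" xmlns:ds="{ds}"'
            ' entityID="https://idp.example.ac.uk/shibboleth"><md:IDPSSODescriptor'
            ' protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
            '<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>'
            'PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>'
            '<md:SingleSignOnService Location="{sso}" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>{attrs}'
            '</md:IDPSSODescriptor></md:EntityDescriptor>').format(sso=sso, attrs=attrs, **NS)
```

Declaring an attribute in metadata does not prove the IdP releases it to this service, so the test login in the steps above is still needed.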