Active Calendar

Page-Setup-Authentication Settings

RSS

Authentication Settings

Control how users access your calendar site via a user ID and password. By default user accounts are created and managed in Event Publisher. However, Event Publisher supports creation and management of users from external sources via SAML. Users can be authenticated via one of three ways:


  • Authenticated via Event Publisher Accounts
  • Authenticated via SAML Identity Provider
  • Authenticated using both Event Publisher Accounts (visitor profiles) and SAML Identity Provider

Top

Site Authentication

This area allows for you to control how you will manage users logging in to your Event Publisher.


Image of authentication options for Event Publisher and SAML authentication.

You can choose from two options:

  • Event Publisher
  • SAML Identity Provider

Top

Event Publisher

Selecting this check box will allow for users to create an manage their user account via Event Publisher.


Accounts created using Event Publisher will not be managed by your external identity provider.

Top

SAML Identity Provider

Selecting this check box will allow for users to access Event Publisher using an external account managed by your identity provider.


You will manage their administrative permissions and roles via Event Publisher.

Top

Both Event Publisher and SAML Authentication

Your calendar can be configured to allow for both Event Publisher and SAML Identity Provider Authentication. This allows for:


  • Creation of Visitor Profiles by your calendar visitors
  • Ability for Visitor Profiles to submit events for approval if public event submission is enabled.
  • Ability for Visitor Profiles to create favorite events, subscriptions, and view their upcoming events.
  • Easy authentication for your administrative users managed via SAML

Top

User Accounts in Event Publisher

The first time that you sign into the site, you will be added as a visitor profile.


Your calendar administrator will need to assign you the appropriate roles in the application. Group permissions can be used to set the default level of permission, which is discussed below. Additionally, when assigning roles to externally authenticated users in Event Publisher you will search for, create, and modify users via the email address associated to the user.

Top

SAML Configuration

When using SAML, you will need to specify a number of fields to allow Event Publisher to communicate with your Identity Provider. The following Fields will need to be configured:


Image of all attributes that need to be specified when configuring SAML
  • Identity Provider Name: This field is used by Event Publisher and the end-user to better identify the configuration. This field is not used by SAML or SSO metadata files.
  • Metadata URL: Supply the URL of a page that outputs the XML of the identity provider. This URL is accessed by Event Publisher to download information from Identity provider. Upon attempting to save the configuration, Event Publisher will check this URL to determine if it is in a valid SAML Metadata format.
  • Identity Provider Claims: The saml attributes are specified in the identity provider claims. Here you will map your User Identifier, First Name, Last Name, E-mail Address, and Telephone Number.

Top

SAML Attributes

This area defines the default information required to create and authenticate a user in Event Publisher. This information is provided to Event Publisher from the SAML Identity Provider.

  • User Identifier: This field will be used as the USER ID for Event Publisher. In this field provide the http:// route (Active Directory) of the attribute provided by the identity provider which will be used in Event Publisher as the User ID.
  • First Name: This field will be used as the FIRST NAME for Event Publisher. In this field provide the http:// route (Active Directory) of the attribute provided by the identity provider which will be used in Event Publisher as the FIRST NAME
  • Last Name: This field will be used as the LAST NAME for Event Publisher. In this field provide the http:// route (Active Directory) of the attribute provided by the identity provider which will be used in Event Publisher as the LAST NAME of the user.
  • E-mail Address: This field will be used as the EMAIL ADDRESS for Event Publisher. In this field provide the http:// route (Active Directory) of the attribute provided by the identity provider which will be used in Event Publisher as the EMAIL ADDRESS of the user.
  • Telephone Number: This field will be used as the TELEPHONE NUMBER for Event Publisher. In this field provide the http:// route (Active Directory) of the attribute provided by the identity provider which will be used in Event Publisher as the TELEPHONE NUMBER of the user.

Top

Site Settings

This area controls Single Sign Out, and the default permissions applied to SAML authenticated users.


Important note for Multi-Site calendars: This settings is specific to each site, meaning if you have 3 calendar sites, you will need to select the radio option for all 3 sites invdividually. You will need to navigate to each calendar site to do so.
Image of Site Permissions
Top

Enable Single Sign Out

Selecting this radio option will enable SAML External Authorization during the "Sign out" process.


This option is only selectable once you have enabled "Single Sign-On". Please note, not all authorization methods support nor require single sign out.

Top

Default Permissions

This area allows you to control the level of permissions that SAML authenticated users will have once authenticated (signed in).


You can choose to use a group to control permissions, which allows for the greatest level of control.

Top

Apply Group Permissions for authenticated users

Selecting this radio option will enable SAML External Authorization to apply permissions to a user based upon the permissions of a specific group.


Use this option if you would like to have the most control over the dfeautl permissions applied SAML authenticated users.
Apply group permissions for authenticated users.

When selected, the group access panel will be exposed, and show you a list of availble groups to be applied to the SAML authenticated users.

view groups

To select a group, click the "Add" link displayed to the right of the group name.

Select a group.

To view the permissions assigned to the group, click the chevron icon to the left of the group name.

View permissions of a group.

If a user is granted a greater level of permissions via settings > users, the highest level of individual permissions will be applied. See for more information


This setting can be used to allow SAML users to act as administrative users, havign the ability to modify, publish, and delete all events, as well as have access to site and system settings.

Top

Apply Permission to view private events for authenticated users

Selecting this radio option will enable SAML External Authorization to provide access to private calendar sites, as well as the ability to view private events on public calendars.

Apply group permissions for authenticated users.
Top

Do not apply permissions and manage user permissions individually

Selecting this radio option will default the SAML authenticated user to have the same permissions as a Visitor Profile.


They will not be able to submit events unless public event submission has been enabled in site management. They will not have access to private calendar sites, or the ability to view private events on public calendars.
Apply group permissions for authenticated users.


Top

SAML Activation

To begin using SAML as your user authentication mechanism, you must click save at the bottom of the page.

Image of Save Control on SAML setup page.
Top

View your metadata

Viewing this link will open in a new window an xml file of the metadata being provided by Event Publisher.


View MetaData
You will provide this information to your identity provider, this file contains all of the information required to configure SSO with you Identity provider. This link will not be visible until you have completed the setup of your SAML configuration.

Top
Authentication Settings==

Control how users access your calendar site via a user ID and password. By default user accounts are created and managed in Event Publisher. However, Event Publisher supports creation and management of users from external sources via SAML. Users can be authenticated via one of three ways:


  • Authenticated via Event Publisher Accounts
  • Authenticated via SAML Identity Provider
  • Authenticated using both Event Publisher Accounts (visitor profiles) and SAML Identity Provider

Top

Site Authentication

This area allows for you to control how you will manage users logging in to your Event Publisher.


Image of authentication options for Event Publisher and SAML authentication.

You can choose from two options:

  • Event Publisher
  • SAML Identity Provider

Top

Event Publisher

Selecting this check box will allow for users to create an manage their user account via Event Publisher.


Accounts created using Event Publisher will not be managed by your external identity provider.

Top

SAML Identity Provider

Selecting this check box will allow for users to access Event Publisher using an external account managed by your identity provider.


You will manage their administrative permissions and roles via Event Publisher.

Top

Both Event Publisher and SAML Authentication

Your calendar can be configured to allow for both Event Publisher and SAML Identity Provider Authentication. This allows for:


  • Creation of Visitor Profiles by your calendar visitors
  • Ability for Visitor Profiles to submit events for approval if public event submission is enabled.
  • Ability for Visitor Profiles to create favorite events, subscriptions, and view their upcoming events.
  • Easy authentication for your administrative users managed via SAML

Top

User Accounts in Event Publisher

The first time that you sign into the site, you will be added as a visitor profile.


Your calendar administrator will need to assign you the appropriate roles in the application. Group permissions can be used to set the default level of permission, which is discussed below. Additionally, when assigning roles to externally authenticated users in Event Publisher you will search for, create, and modify users via the email address associated to the user.

Top

SAML Configuration

When using SAML, you will need to specify a number of fields to allow Event Publisher to communicate with your Identity Provider. The following Fields will need to be configured:


Image of all attributes that need to be specified when configuring SAML
  • Identity Provider Name: This field is used by Event Publisher and the end-user to better identify the configuration. This field is not used by SAML or SSO metadata files.
  • Metadata URL: Supply the URL of a page that outputs the XML of the identity provider. This URL is accessed by Event Publisher to download information from Identity provider. Upon attempting to save the configuration, Event Publisher will check this URL to determine if it is in a valid SAML Metadata format.
  • Identity Provider Claims: The saml attributes are specified in the identity provider claims. Here you will map your User Identifier, First Name, Last Name, E-mail Address, and Telephone Number.

Top

SAML Attributes

This area defines the default information required to create and authenticate a user in Event Publisher. This information is provided to Event Publisher from the SAML Identity Provider.

  • User Identifier: This field will be used as the USER ID for Event Publisher. In this field provide the http:// route (Active Directory) of the attribute provided by the identity provider which will be used in Event Publisher as the User ID.
  • First Name: This field will be used as the FIRST NAME for Event Publisher. In this field provide the http:// route (Active Directory) of the attribute provided by the identity provider which will be used in Event Publisher as the FIRST NAME
  • Last Name: This field will be used as the LAST NAME for Event Publisher. In this field provide the http:// route (Active Directory) of the attribute provided by the identity provider which will be used in Event Publisher as the LAST NAME of the user.
  • E-mail Address: This field will be used as the EMAIL ADDRESS for Event Publisher. In this field provide the http:// route (Active Directory) of the attribute provided by the identity provider which will be used in Event Publisher as the EMAIL ADDRESS of the user.
  • Telephone Number: This field will be used as the TELEPHONE NUMBER for Event Publisher. In this field provide the http:// route (Active Directory) of the attribute provided by the identity provider which will be used in Event Publisher as the TELEPHONE NUMBER of the user.

Top

Site Settings

This area controls Single Sign Out, and the default permissions applied to SAML authenticated users.


Important note for Multi-Site calendars: This settings is specific to each site, meaning if you have 3 calendar sites, you will need to select the radio option for all 3 sites invdividually. You will need to navigate to each calendar site to do so.
Image of Site Permissions
Top

Enable Single Sign Out

Selecting this radio option will enable SAML External Authorization during the "Sign out" process.


This option is only selectable once you have enabled "Single Sign-On". Please note, not all authorization methods support nor require single sign out.

Top

Default Permissions

This area allows you to control the level of permissions that SAML authenticated users will have once authenticated (signed in).


You can choose to use a group to control permissions, which allows for the greatest level of control.

Top

Apply Group Permissions for authenticated users

Selecting this radio option will enable SAML External Authorization to apply permissions to a user based upon the permissions of a specific group.


Use this option if you would like to have the most control over the dfeautl permissions applied SAML authenticated users.
Apply group permissions for authenticated users.

When selected, the group access panel will be exposed, and show you a list of availble groups to be applied to the SAML authenticated users.

view groups

To select a group, click the "Add" link displayed to the right of the group name.

Select a group.

To view the permissions assigned to the group, click the chevron icon to the left of the group name.

View permissions of a group.

If a user is granted a greater level of permissions via settings > users, the highest level of individual permissions will be applied. See for more information


This setting can be used to allow SAML users to act as administrative users, havign the ability to modify, publish, and delete all events, as well as have access to site and system settings.

Top

Apply Permission to view private events for authenticated users

Selecting this radio option will enable SAML External Authorization to provide access to private calendar sites, as well as the ability to view private events on public calendars.

Apply group permissions for authenticated users.
Top

Do not apply permissions and manage user permissions individually

Selecting this radio option will default the SAML authenticated user to have the same permissions as a Visitor Profile.


They will not be able to submit events unless public event submission has been enabled in site management. They will not have access to private calendar sites, or the ability to view private events on public calendars.
Apply group permissions for authenticated users.


Top

SAML Activation

To begin using SAML as your user authentication mechanism, you must click save at the bottom of the page.

Image of Save Control on SAML setup page.
Top

View your metadata

Viewing this link will open in a new window an xml file of the metadata being provided by Event Publisher.


View MetaData
You will provide this information to your identity provider, this file contains all of the information required to configure SSO with you Identity provider. This link will not be visible until you have completed the setup of your SAML configuration.

Location of view metadata URL link.


Top